Wednesday, 22 September 2010

More security for your users: Two-step verification now available for Google Apps

A useful addition for the security-conscious (hey, I used to be a CISO, so I know this is important!). So why allow users to opt out?

More security for your users: Two-step verification now available for Google Apps: "
Two-step verification is now available for Google Apps. When enabled by an administrator, it requires two means of identification to sign in to a Google Apps account. A mobile phone is the main requirement to use the second form of identification. It doesn’t require any special tokens or devices. After entering a password, a verification code is sent to the user’s mobile phone via SMS, voice calls, or generated on an application they can install on their Android, BlackBerry or iPhone device. This makes it much more likely that it is the user accessing the data: even if someone has stolen the password, they'll need more than that to access the account. Users can also indicate when they're using a computer they trust and don't want to be asked for a verification code from that machine in the future.

Editions included:

Premier, Education Edition and Google Apps for Government

Languages included:

US English Only (Next Generation Control Panel)

How to access what's new:

- Google Apps Administrators can enable this option in the control panel in the 'Advanced Tools' section by checking the box 'Allow users to turn on two-factor authentication'. Users still have to opt-in to use this feature and it is not possible to make this mandatory for all users. To see this new option, your control panel must be using the ‘Next Generation’ version.

- Once your users manually enroll in two-step verification, they may need to use access codes in addition to their verification codes. For installed applications that don’t have a two-step verification field, your users will need to enter an access code once per device or application in place of their regular password to access their Google Account. Common devices and applications that require access codes are: Gmail and Google Calendar on Android-based phones, ActiveSync for Windows Mobile and iPhone, and IMAP clients such as Thunderbird.

- At any time, administrators can un-enroll users from two factor verification in the control panel, either through the checkbox to allow it or in the user’s individual settings.

- Two-step verification can’t be used for accounts using a SAML single sign-on service (SSO).

For more information:

Help Center overview:
