If you have ever used VPN tokens to remotely access your computer at work, then this concept is going to sound familiar. Google wants to increase the security when logging into any of their sites or apps by creating a two-step verification system. Here’s how it would work:
In addition to using your normal login name and password, Google will send a verification code to your phone, or allow you to generate one yourself using an app right from your smartphone device. You would then enter this code along with your regular login credentials to prove that “you are really you” – and not somebody who just key-logged your username and password.
I’ve seen a similar strategy used before with banking websites, usually when you forget your password or log in from a different computer. This is really smart on Google’s part, as there are a lot of applications and services now being used by businesses and I’m sure they wouldn’t want their accounts compromised.
via [Google Online Security Blog]