
Google Apps Gets Two-Factor Security

CmdrTaco posted more than 4 years ago | from the third-factor-requires-blood-sample dept.


judgecorp writes "Passwords alone are not enough to secure access. Many organisations require two-factor authentication with a token. Google just added free two-factor verification to Google Apps, sending a one-off token to the user's mobile phone. It's good to have this for free, and it backs up Google's assertion that cloud apps are more secure — but it doesn't answer how it helps if an intruder is getting into Apps through a lost or stolen phone."


118 comments


Cloud apps more secure? (1, Insightful)

Anonymous Coward | more than 4 years ago | (#33634624)

Or you know, a Google (or any other cloud service) employee [slashdot.org] can access all your data because they own it then... No, cloud services are not more secure. Especially free ones whose business model is to make money off your private information.

Re:Cloud apps more secure? (2, Insightful)

Anonymous Coward | more than 4 years ago | (#33634632)

I'm not sure that necessarily makes your data less secure. An administrator always has access to your data, whether that admin works for your company or another company doesn't necessarily change the likelihood that the admin will abuse their power.

Re:Cloud apps more secure? (0)

Anonymous Coward | more than 4 years ago | (#33634872)

It does when your chances of discovering such unauthorized access fall drastically if that admin isn't employed by the same company you work for.

Re:Cloud apps more secure? (1)

morgan_greywolf (835522) | more than 4 years ago | (#33634954)

It does when your chances of discovering such unauthorized access fall drastically if that admin isn't employed by the same company you work for.

Not really. In the case of Google Apps, the problem of admin abuse becomes Google's. Google, in turn, has a vested interest in ensuring that their paying customers' data stays private. And if you're not one of Google's paying customers, well, I suppose you get what you pay for, eh?

Re:Cloud apps more secure? (2, Insightful)

IndustrialComplex (975015) | more than 4 years ago | (#33635108)

Google, in turn, has a vested interest in ensuring that their paying customers' data stays private.

Google has a vested interest in ensuring that their paying customers' data breaches stay private. That's number one. If they can't ensure number one, then your statement takes priority.

The issue with Google's model is that you rely on Google's policy/process and you cannot directly negotiate/control that. (Not saying that their policy/process isn't acceptable for some people, but that you don't get to directly influence it)

Re:Cloud apps more secure? (1)

morgan_greywolf (835522) | more than 4 years ago | (#33635614)

Google has a vested interest in ensuring that their paying customers' data breaches stay private. That's number one. If they can't ensure number one, then your statement takes priority.

You could say the exact same thing for a sysadmin that you pay yourself, however, which was the whole point of the parent of the post I replied to.

Re:Cloud apps more secure? (2)

IndustrialComplex (975015) | more than 4 years ago | (#33636458)

You could say the exact same thing for a sysadmin that you pay yourself, however, which was the whole point of the parent of the post I replied to.

Which is why I continued my comment beyond that point and discussed direct and indirect control.

The sysadmin reports to me. Part of my job is making sure he is doing the job I'm paying him to do. Keeping the comparison simple, if I'm the company president, my level of control over behavior is 100%. You can only say the sysadmin has the same interest if I fail to effectively manage the person I hired.

Google's sysadmins report to them. I am but one of thousands of equivalent contracts to them. Therefore the level of control I have over their internal process and behavior is immediately reduced by a factor of several thousand. Everything I would want to do or change is subject to lag, both in time, and in effect.

Re:Cloud apps more secure? (1)

morgan_greywolf (835522) | more than 4 years ago | (#33636740)

And if Google's privacy policies are inadequate for your needs, then you shouldn't use them.

However, for those thousands of contracts, Google's privacy policies are perfectly acceptable.

Everything is a tradeoff; with the cloud you get less direct control, but you save costs by not having to administer the applications yourself. With the locally-stored data, you get lots of direct control, but your costs are exponentially higher.

One more thing: if you are storing data locally for that greater control, more than 60% of your data is going to wind up being saved on users' local desktops, which in most organizations will be neither secure nor backed up and in all cases will be much less secure with greater data integrity problems than with centralized control on a server. That's something else you have to take into consideration when evaluating such tradeoffs.

Re:Cloud apps more secure? (2, Interesting)

mlts (1038732) | more than 4 years ago | (#33635464)

If you look at a cloud provider like Google, there are two paying customers: Enterprises and businesses, and advertisers. So, on one hand, the cloud provider needs to protect data for people paying for their apps. On the other hand, they need to cough up data so the advertisers keep paying.

This bifurcation is why I prefer using E-mail providers whose sole revenue stream is customers. This way, advertisers have no vested interest in what data sits on the servers. Hosted Exchange providers come to mind here, same with me.com.

Re:Cloud apps more secure? (1)

mlts (1038732) | more than 4 years ago | (#33635562)

Blergh, pardon the grammar goofs. What I intended to state is that it is hard for a company to serve two different types of interests without letting one win out. Does a cloud provider prefer privacy of paid E-mail customers over ad data handed to advertisers?

Perhaps the best of both worlds would be dividing the two interests into separate divisions. Paid E-mail goes to one set of servers where the sole focus is the customer. "Free" [1] E-mail goes to another set where advertisers can get their statistics they pay for. If there is a privacy lapse in the "free" E-mail, it doesn't affect the paid customers.

[1]: TANSTAAFL. Gmail is probably the closest thing to a decent "free" E-mail provider out there, but for privacy's sake, I much rather use a provider that I pay and who does not get ad dollars.

Re:Cloud apps more secure? (2, Insightful)

morgan_greywolf (835522) | more than 4 years ago | (#33636564)

The only kind of "private" e-mail that exists is the kind that you encrypt. Once a plaintext e-mail leaves your client, there is no guarantee that some third party won't read it.

Security through obscurity is the same as no security at all.

Re:Cloud apps more secure? (1)

SuperQ (431) | more than 4 years ago | (#33636728)

This is completely misleading and wrong. The ads system matches content to an ad. At no point is there even a reason for the data to leave Google. If you could sign up for an advertiser account and get data out of Google people would be marching with torches and pitchforks.

There is no conflict between the user serving side and the ads serving side. Especially when you consider that Apps enterprise admins/users can literally turn ads off.

Re:Cloud apps more secure? (1)

mlts (1038732) | more than 4 years ago | (#33637642)

I didn't state that advertisers had access to E-mail contents, but analytical data relating to E-mail traffic. However, the cloud provider is the place that decides how much or how little anonymizing takes place. For example, does an advertiser get to know that account "X" gets a lot of mail with the "buying a Chevrolet" that are not spam often, or does that person do a lot of dialog about buying Fords?

In any case, if advertisers are paying the bills as opposed to the end user, E-mail account holders are not customers. They will be viewed as visitors at best, leeches at worst.

Re:Cloud apps more secure? (2, Insightful)

Pojut (1027544) | more than 4 years ago | (#33634656)

Agreed. I fail to see how sensitive information being sent over the Internet could be more secure than keeping sensitive information stored on a computer that doesn't even have a network card installed.

Re:Cloud apps more secure? (3, Insightful)

ibsteve2u (1184603) | more than 4 years ago | (#33634718)

The most interesting inference to me is that some third-party vendor who is serving up cloud apps has employees who are inherently more trustworthy than the ones you handpicked are.

Re:Cloud apps more secure? (2, Interesting)

numbsafari (139135) | more than 4 years ago | (#33635030)

I know where the employees who work for me live. I know what car they drive. I know where they like to go to lunch. I have their social security number and a copy of their driver's license.

I also know a guy named Tony. Tony likes to break things. And ever since some pencil-neck computer nerd posted pictures of Tony's girlfriend on-line, Tony really likes to break computer nerds.

With Google, these things are much less transparent.

Re:Cloud apps more secure? (1)

ibsteve2u (1184603) | more than 4 years ago | (#33635190)

With Google, these things are much less transparent.

Oh...so you don't think the results harvested from "Google would like to know your location." are going into a massive database linking every IP address - and, by extension, IPs in the same subnet - to a physical location?

I.e., Google's "Tony" knows where you work AND live...and he's got your data.

Re:Cloud apps more secure? (0)

Anonymous Coward | more than 4 years ago | (#33635386)

no, he may know where you work and live, but he DOES NOT have your data. That's the whole point!

Re:Cloud apps more secure? (0)

Anonymous Coward | more than 4 years ago | (#33636076)

You're COMPLETELY missing the whole point.

1) Unless he has access to that data it's not transparent from his POV.

2) Google knowing stuff about you is not the same as you knowing stuff about your own employees.

Re:Cloud apps more secure? (2, Insightful)

Anonymous Coward | more than 4 years ago | (#33634744)

It appears Google's argument is "it's safer/easier/cheaper to use Google Docs than emailing your file as an attachment, or letting employees put it on laptops and USB keys which they then lose."

If you have information which can only be transmitted between a computer monitor and the user's eyeballs, I don't think Google has anything to peddle to your corporation, unless they start selling Faraday Cages to guard against Van Eck phreaking.

Re:Cloud apps more secure? (3, Insightful)

IndustrialComplex (975015) | more than 4 years ago | (#33635086)

Agreed. I fail to see how sensitive information being sent over the Internet could be more secure than keeping sensitive information stored on a computer that doesn't even have a network card installed.

Security and Availability go hand in hand. Security isn't just, NO ONE EVER GETS TO LOOK AT MY DATA. Security is also making sure that your data remains undamaged (integrity) and available to the people that you want to see it.

Re:Cloud apps more secure? (1)

xtracto (837672) | more than 4 years ago | (#33635458)

Agreed. I fail to see how sensitive information being sent over the Internet could be more secure than keeping sensitive information stored on a computer that doesn't even have a network card installed.

Security and Availability go hand in hand. Security isn't just, NO ONE EVER GETS TO LOOK AT MY DATA. Security is also making sure that your data remains undamaged (integrity) and available to the people that you want to see it.

Uhhh, me thinks you are confusing privacy with security.

Data privacy is the one about

NO ONE EVER GETS TO LOOK AT MY DATA.

While data security is about

making sure that your data remains undamaged (integrity) and available to the people that you want to see it

Re:Cloud apps more secure? (1)

IndustrialComplex (975015) | more than 4 years ago | (#33636184)

Uhhh, me thinks you are confusing privacy with security.

Data privacy is the one about

NO ONE EVER GETS TO LOOK AT MY DATA.

While data security is about

making sure that your data remains undamaged (integrity) and available to the people that you want to see it

For reference: http://en.wikipedia.org/wiki/Information_security [wikipedia.org]

Integrity
Availability
Confidentiality

It isn't that they are all one and the same and in equal measure, it is that they all are aspects of designing a secure system. For a given system, confidentiality (a more comprehensive term than privacy) is an aspect that you evaluate and your requirements are derived from your need.

Privacy, as you state it, IS a factor in designing a secure system. How do you make the data available to the right people while restricting access to the wrong people. How do you evaluate if the data you require to be confidential has remained confidential? All of these questions are so bound into the concept of information security that to call it a distinct and separate element is false.

Or in simple terms: You need to know what you want from a confidentiality aspect if you hope to design a secure system.

Re:Cloud apps more secure? (1)

ronocdh (906309) | more than 4 years ago | (#33635118)

I fail to see how sensitive information being sent over the Internet could be more secure than keeping sensitive information stored on a computer that doesn't even have a network card installed.

While I acknowledge your penchant for information security, I fail to see how information on a non-networked computer is useful. If we're tearing out our network cards in 2010 (note that the very notion of non-embedded networking hardware is rather old-hat), let's just go back to poking at clay tablets with sticks! All this new-fangled technology is for the birds, right?

TFA is about ensuring that computer security improves to meet new challenges. That is both harder and more noble than throwing the baby out with the bathwater, which you seem to propose as a reasonable solution.

Re:Cloud apps more secure? (1)

mlts (1038732) | more than 4 years ago | (#33635270)

There are times when having something non-networked is useful. Offline key signing for example where one takes a USB flash drive full of items to be signed to an offline HSM in a physically secure location where only a few people have access to it.

What I see that might happen as a compromise between completely air-gapping versus complete connectivity are private backbones. Think NIPRNet, except for businesses. I can see banks coming out with a backbone, "BIPRnet" which connects businesses either on their own dedicated lines, or encrypted gateways if the traffic does have to go over the Internet.

Because this is a closed backbone, it doesn't have to even use IP. It can use its own protocol or virtual circuits with a master machine deciding which boxes on the backbone can communicate where.

Re:Cloud apps more secure? (1)

hedwards (940851) | more than 4 years ago | (#33635890)

Indeed, apart from DoD and intelligence work with sensitive documents, I don't think it's terribly useful to have a non-networked computer in this day and age. Perhaps you could make it really secure and super glue the cup holder shut, and perhaps do the same to the USB ports and network jack, but at some point you're going to need to actually use the computer at which point security becomes rather moot. After all there's little point in securing a computer with no data on it.

Re:Cloud apps more secure? (1)

140Mandak262Jamuna (970587) | more than 4 years ago | (#33635164)

All it took was a blank CD that pretended to be Lady Gaga music to allow a traitor to leak 80000 classified docs to WikiLeaks.

Inside jobs, carelessness, apathy, weak passwords etc account for most of the data loss. Packet snooping on https connections is not the main source of security breaches.

Re:Cloud apps more secure? (1)

MobileTatsu-NJG (946591) | more than 4 years ago | (#33635592)

Or you know, a Google (or any other cloud service) employee can access all your data because they own it then... No, cloud services are not more secure. Especially free ones whose business model is to make money off your private information.

Oh shush. Google fans value freedom.

There's a price. (5, Insightful)

Anonymous Coward | more than 4 years ago | (#33634626)

For the low low price of your mobile phone number we will give you some extra security!

...because it's 2 factor... (3, Informative)

OneMadMuppet (1329291) | more than 4 years ago | (#33634644)

...which means if someone gets one factor (your phone), they still don't have the other (your password).

Re:...because it's 2 factor... (4, Insightful)

chill (34294) | more than 4 years ago | (#33634686)

Allow me to introduce you to Google's "I lost my password, send me a code to my mobile phone to reset it" feature...

Re:...because it's 2 factor... (2, Insightful)

MBGMorden (803437) | more than 4 years ago | (#33634714)

I believe that's via email, which can be tied to your phone, but not necessarily.

The reality though is that the only completely secure system is one that NO ONE can access. If you want it to be useful, the system HAS to have some way to unlock itself. Saying that a person can access the system if they have all of your credentials isn't really a flaw - it's the way the system has to work.

Put bluntly, there has to be SOME point when the user steps up and starts becoming responsible for keeping track of their credentials.

Re:...because it's 2 factor... (1)

vlm (69642) | more than 4 years ago | (#33635046)

Saying that a person can access the system if they have all of your credentials isn't really a flaw - it's the way the system has to work.

Not "has to work" at all. Not even remotely. First example off the top of my head in the first few seconds:

Some other gmail user whom you have sent email in the past (let's say, one year) has to log into gmail and acknowledge that yes indeed you are requesting a new password for yourself. That second factor would have to be via a voice telephone call or in person request or whatever.

In that two (or more) factor authentication, an attacker would not only have to take over all of your credentials, but also take over the credentials (or at least login) of one of your friends.

I think that the main hidden purpose of the "google me" social network thingy is to do stuff like this: friends that you've selected are authorized to unlock your account when at least X out of Y of them agree it's a wise choice and there's less than Z vetoes of the decision.
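The X-of-Y-with-fewer-than-Z-vetoes unlock rule sketched in the post above, written out as a small policy engine. This is an added, constructed example, not anything Google shipped and not vlm's code; the trustee names, vote labels and the `SocialRecoveryPolicy` / `run_recovery` names are all assumptions made for illustration. The point it shows beyond the post: votes from anyone outside the owner's chosen trustee set are rejected, a trustee gets one vote (a re-vote replaces it), and the policy reports "pending" versus "denied" by checking whether the still-undecided trustees could even reach the threshold.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

APPROVE = "approve"
VETO = "veto"


@dataclass
class SocialRecoveryPolicy:
    """Hypothetical account-unlock policy (constructed example, not a real service's API).

    Unlock when at least `required_approvals` (X) of the `trustees` (Y) approve
    and fewer than `max_vetoes` (Z) of them veto.
    """
    trustees: Set[str]
    required_approvals: int
    max_vetoes: int
    votes: Dict[str, str] = field(default_factory=dict)

    def __post_init__(self) -> None:
        if not 0 < self.required_approvals <= len(self.trustees):
            raise ValueError("required_approvals must be between 1 and the number of trustees")
        if self.max_vetoes < 1:
            raise ValueError("max_vetoes must be at least 1, otherwise recovery can never succeed")

    def cast(self, trustee: str, vote: str) -> None:
        # Only trustees the owner selected in advance may vote; an attacker who
        # controls the owner's own credentials still needs one of these accounts.
        if trustee not in self.trustees:
            raise PermissionError(f"{trustee!r} is not one of the owner's designated trustees")
        if vote not in (APPROVE, VETO):
            raise ValueError(f"unknown vote {vote!r}")
        self.votes[trustee] = vote  # one vote per trustee; a later vote replaces the earlier one

    def tally(self) -> Tuple[int, int]:
        approvals = sum(1 for v in self.votes.values() if v == APPROVE)
        vetoes = sum(1 for v in self.votes.values() if v == VETO)
        return approvals, vetoes

    def decision(self) -> str:
        """Return 'unlock', 'denied' or 'pending'."""
        approvals, vetoes = self.tally()
        if vetoes >= self.max_vetoes:
            return "denied"  # "less than Z vetoes" violated; extra approvals cannot rescue it
        if approvals >= self.required_approvals:
            return "unlock"
        undecided = len(self.trustees) - len(self.votes)
        if approvals + undecided < self.required_approvals:
            return "denied"  # even if every remaining trustee approves, X is unreachable
        return "pending"


def run_recovery(policy: SocialRecoveryPolicy, ballots: List[Tuple[str, str]]) -> Tuple[str, List[str]]:
    """Apply a sequence of (voter, vote) ballots; return the decision and the rejected voters."""
    rejected: List[str] = []
    for voter, vote in ballots:
        try:
            policy.cast(voter, vote)
        except PermissionError:
            rejected.append(voter)
    return policy.decision(), rejected


if __name__ == "__main__":
    # Constructed scenario: five trustees, need 3 approvals, fail on 2 vetoes.
    policy = SocialRecoveryPolicy(trustees={"ann", "bob", "cai", "dee", "eve"},
                                  required_approvals=3, max_vetoes=2)
    outcome, rejected = run_recovery(policy, [
        ("ann", APPROVE), ("mallory", APPROVE), ("bob", APPROVE),
        ("cai", VETO), ("dee", APPROVE),
    ])
    print(outcome, "rejected voters:", rejected)
```

Running the module unlocks the account (three approvals, one veto) and lists `mallory` as a rejected, non-trustee voter; a second veto from `eve` would flip the result to "denied" regardless of the approvals.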

Re:...because it's 2 factor... (1)

hedwards (940851) | more than 4 years ago | (#33636008)

That's not even remotely realistic. Besides being overly cumbersome, it just changes the strategy needed to break into the account. And ultimately it doesn't solve the problem of having all the credentials anyways, because that doesn't even come into play until you've lost them.

Unless you're seriously suggesting that they randomly contact somebody that you may or may not know for approval. Which is far, far more likely to end up in shenanigans than just trusting Google.

Re:...because it's 2 factor... (1)

Anne_Nonymous (313852) | more than 4 years ago | (#33634810)

Allow me to introduce you to Google's "I lost my password and my mobile, just log me in anyway" feature...

Re:...because it's 2 factor... (1)

chill (34294) | more than 4 years ago | (#33634862)

As opposed to the "some of the Google engineers have already read your mail. There isn't anything you need to see right now, anyway." service? :-)

Re:...because it's 2 factor... (1)

rhsanborn (773855) | more than 4 years ago | (#33634992)

That would be an excellent service. Google can pre-filter email accounts and only pull out the accounts likely to be owned by a person with significant disposable income or high credit rating. It would save the phishers from having to try hundreds of dead-ends!

Re:...because it's 2 factor... (1)

MozeeToby (1163751) | more than 4 years ago | (#33636018)

Then put a pin or password on your phone and/or install an application that allows you to perform a remote wipe if you lose it.

Re:...because it's 2 factor... (0)

Anonymous Coward | more than 4 years ago | (#33636060)

That's nice, but I don't believe "send me a code to my mobile phone to reset it" is a mandatory setting. If you choose to enable it, then you know that's a risk you take if you lose your phone. Just like if you choose to engrave your Google password on the back of your mobile phone. Same difference.

Fuck Everything, We're Doing 3 Factor (1, Funny)

Anonymous Coward | more than 4 years ago | (#33634950)

Would someone tell me how this happened? We were the fucking vanguard of security in this country. The password needing numbers was the password to own. Then the other guy came out with a need for numbers. Were we scared? Hell, no. Because we hit back with a little thing called the case sensitive and symbols. That's needing to remember your capitals and lowercases. For complexity. But you know what happened next? Shut up, I'm telling you what happened—the bastards went to 2 factor. Now we're standing around with our cocks in our hands, selling case sensitive in our passwords. Capitals or no, suddenly we're the chumps. Well, fuck it. We're going to 3 factor.

Sure, we could go to 2 factors next, like the competition. That seems like the logical thing to do. After all, one worked out pretty well, and two is the next number after one. So let's play it safe. Let's add on symbols and call it the strong passwords. Why innovate when we can follow? Oh, I know why: Because we're a business, that's why!

You think it's crazy? It is crazy. But I don't give a shit. From now on, we're the ones who have the edge in the security game. Are they the best a man can get? Fuck, no. Google is the best a man can get.

What part of this don't you understand? If one factor is good, and two factors are better, obviously three factors would make us the best fucking password that ever existed. Comprende? We didn't claw our way to the top of the security game by clinging to the one factor industry standard. We got here by taking chances. Well, three factors is the biggest chance of all.

Here's the report from Engineering. Someone put it in my pocket: I want to log into shit with it. They don't tell me what to invent—I tell them. And I'm telling them to stick two more factors in there. I don't care how. Make the factors so varied they're everywhere. Put some in their iPad. I don't care if they have to cram the third factor in sequence to the other two, just do it!

You're taking the "protected" part of "password protected" too literally, grandma. Cut the strings and soar. Let's hit it. Let's roll. This is our chance to make security history. Let's dream big. All you have to do is say that three factors can happen, and it will happen. If you aren't on board, then fuck you. And if you're on the board, then fuck you and your father. Hey, if I'm the only one who'll take risks, I'm sure as hell happy to hog all the glory when the three factor security becomes the security tool for the U.S. of "this is how we secure now" A.

People said we couldn't go to case sensitive. It'll cost a fortune to manufacture, they said. Well, we did it. Now some egghead in a lab is screaming "three factor's crazy?" Well, perhaps he'd be more comfortable in the labs at Microsoft, working on fucking administrator permission. Confirm permission, my white ass!

Maybe I'm wrong. Maybe we should just ride in Apple's wake and make phones. Ha! Not on your fucking life! The day I shadow a penny-ante outfit like Apple is the day I leave the security game for good, and that won't happen until the day I die!

The market? Listen, we make the market. All we have to do is put her out there with a little jingle. It's as easy as, "Hey, security with anything less than three factors is like twittering your passwords to the world." Or "You'll be so secure, you won't even need condoms anymore." Try "Your encryption's gonna be so complex, Turing's going to come back to make an encryption algorithm with the key YOU ARE FUCKING AWESOME."

I know what you're thinking now: What'll people say? Mew mew mew. Oh, no, what will people say?! Grow the fuck up. When you're on top, people talk. That's the price you pay for being on top. Which Google is, always has been, and forever shall be, Amen, three factors, sweet Jesus in heaven.

Stop. I just had a stroke of genius. Are you ready? Open your mouth, baby birds, cause Mama's about to drop you one sweet, fat nightcrawler. Here she comes: Put another password on that fucker, too. That's right. Three factors, two passwords, and make the second one change based on the day of the week. You heard me—the second password changes. It's a whole new way to think about security. Don't question it. Don't say a word. Just key the music, and call the chorus girls, because we're on the edge—the razor's edge—and I feel like dancing.

Re:...because it's 2 factor... (1)

Confusador (1783468) | more than 4 years ago | (#33636084)

Unless you have your phone store your password, but whose users would be stupid enough to do that? As you say, though, even in that worst case scenario they've reduced the problem down to attackers who have both the phone and the password. I fail to see any way that increasing security is a bad thing, even if there's still a hole (there's always a hole).

Re:...because it's 2 factor... (1)

wvmarle (1070040) | more than 4 years ago | (#33637028)

Indeed, making it no more or less secure than other two-factor systems that require some USB token or so.

As a matter of fact, today when I came back from lunch I found such a USB token, in this case to access an e-banking web site. Someone from the neighbouring office dropped it while opening their gate or so; it was in the middle of the corridor. Not smart. I just rang their door bell and returned it to them.

I happen to know which bank it belongs to (I have a similar token); it wouldn't have given me access to their account even if I wanted to. I still missed the un/pw combination that goes with it.

Something you have plus something you know... pretty secure with fairly little hassle.

It's Obvious (3, Funny)

sjpadbury (169729) | more than 4 years ago | (#33634650)

Learn to keep track of your damn phone...

Re:It's Obvious (2, Insightful)

eldavojohn (898314) | more than 4 years ago | (#33634740)

Learn to keep track of your damn phone...

And what do I do when I don't have phone service?

I recently went on vacation to Grand Cayman and didn't have any phone service. What happens then? I had to correctly identify friends from random Facebook pictures in order to log into Facebook the first time (at which point the place I was staying was apparently white listed for me to log into for the rest of the trip).

Sure, it's probably a small annoyance to pay for better security unless you travel often or have really randomly spotty cell phone service. A trip out to my parents' farm would probably be more than an annoyance as I await the text msg okaying me to log into GMail through my parents' 56k modem. I guess everything comes with a price, but I'd probably just turn this off and leave it off instead of regretting it on vacation if I forget to disable it before traveling.

Also, a few of my company's clients have server rooms in the depths of basements with little to no cell phone reception. Would hate to work there if you try to log into GMail and get asked for this. You'd have to go for a walk to get your authentication code.

Re:It's Obvious (1)

wealthychef (584778) | more than 4 years ago | (#33634910)

That's a great example of why some argue that the "secret questions" approach to "enhanced security" is actually less secure than just a password. How many of your friends do other people know as well as you? That's very guessable compared to your password.

Schneier and Target (1)

tepples (727027) | more than 4 years ago | (#33635392)

That's a great example of why some argue that the "secret questions" approach to "enhanced security" is actually less secure than just a password.

Bruce Schneier has written about this [schneier.com], twice [schneier.com]. Yet Target.com insists on having credit card holders set five (!) secret questions.

Re:It's Obvious (1)

hedwards (940851) | more than 4 years ago | (#33636044)

Worse, or better depending upon your perspective, is when the questions list is limited and one of them is completely useless. There's a fair number of people born in the late 40s, who have no middle name, as in they were named in part after President Truman, leaving you in the position of making up a name you won't remember or having a single letter answer.

Re:It's Obvious (1)

camperdave (969942) | more than 4 years ago | (#33635020)

I had to correctly identify friends from random Facebook pictures in order to log into Facebook the first time

Apparently that is a very secure way to validate the user. The face recognition part, not necessarily the Facebook part.

Re:It's Obvious (1)

vlm (69642) | more than 4 years ago | (#33635122)

Apparently that is a very secure way to validate the user. The face recognition part, not necessarily the Facebook part.

Unless you are friends / schoolmates / coworkers with people in show business.

Re:It's Obvious (0)

Anonymous Coward | more than 4 years ago | (#33636382)

If you have a smart phone and install the 2nd factor app instead of using the SMS option, you won't need phone service, so you're all good!

Re:It's Obvious (1)

wvmarle (1070040) | more than 4 years ago | (#33637072)

You'd have to go for a walk to get your authentication code.

Only to get timed out by the time you return of course.

Inconvenience (1)

Sonny Yatsen (603655) | more than 4 years ago | (#33634662)

Does this mean that a misplaced phone will present a serious impediment to being able to access your work on Google Apps?

Re:Inconvenience (1)

xouumalperxe (815707) | more than 4 years ago | (#33635784)

Yes, exactly. Same as misplacing a SecurID token (or anything similar) locks you out of using whatever service the token is tied to. The horror.

If *anything* gets stolen... (4, Insightful)

NYMeatball (1635689) | more than 4 years ago | (#33634690)

It sort of compromises everything - but that doesn't mean it's a bad form of authentication, does it?

Once your machine, token, credentials, anything have been physically compromised, it's generally accepted that you're hosed (at least for that one factor).

Seems like a step in the right direction.

Re:If *anything* gets stolen... (2, Insightful)

Jurily (900488) | more than 4 years ago | (#33634908)

Agreed. While it's by no means perfect, it is more secure.

Most accounts today are not compromised because the attackers specifically target the victim, but because they had the weakest password.

Also, the act of stealing a physical device makes it a far greater risk and hassle for the attackers.

Whoa... REAL Two-Factor Security on the Web?! (1, Informative)

Anonymous Coward | more than 4 years ago | (#33634698)

You mean it's not just Wish-it-was-Two-Factor [thedailywtf.com]? Google never ceases to amaze me. Now, how long must we wait before online banks finally get their security model right?

Re:Whoa... REAL Two-Factor Security on the Web?! (1)

icebraining (1313345) | more than 4 years ago | (#33635768)

Here in Portugal my bank already sends an SMS with a verification code for any operation over X euros, with X configurable.

Mobile security (4, Interesting)

yakumo.unr (833476) | more than 4 years ago | (#33634716)

I'm worried because in all the years I've had a Google mail account I haven't had any issues, yet a month after getting an Android 2.1 phone, despite being really careful about only installing high rated applications with tens of thousands of users and mostly keeping an eye on what they're allowed to access, my gmail account was hacked and used to send out a spam email via a mobile device in Canada.

I've never had an email account hacked before, so I'm pretty convinced that some phone app has leaked my account details (as it's the gmail account tethered to my phone).

Admittedly Google immediately suspended my account due to suspicious activity (access from Mobile Canada (71.17.214.49), I live in the UK), and a token to my mobile phone was how I unlocked it and changed my password, but I'm still rather wary now despite how much I love my Galaxy S mobile.

I have bought apps I don't want to lose wiping the phone, and I have no real way to tell what it may have been that leaked my data.

I have droidsecurity antivirus installed now, but wish google could offer some stronger post-install controls on what an app's allowed to do.

Re:Mobile security (2, Interesting)

Darkness404 (1287218) | more than 4 years ago | (#33634754)

I agree, really, Google should let -us- decide what an app can do. Want to access the internet, nope, check a box marked deny and that app no longer has access to that. Want to know my location, nope, check a box marked deny and that app no longer can find your location.

About the only thing is, that might piss off a few developers because ad-blocking becomes rather easy, but I'm sure they will find a way to have it use the internet in a non-annoying way...

Re:Mobile security (1, Informative)

Anonymous Coward | more than 4 years ago | (#33635008)

It does this...you see what privileges it has when you install an app.

Re:Mobile security (1)

icebraining (1313345) | more than 4 years ago | (#33635822)

Yes, but you can't pick and choose what privileges you want to give it, can you?

The problem with the pick-and-choose model is the pain it must be to program the app filled with conditionals, or to make it work at all.

Re:Mobile security (2, Insightful)

N1AK (864906) | more than 4 years ago | (#33635152)

I agree, really, Google should let -us- decide what an app can do.

Google won't, and shouldn't, add that. Google doesn't know what an application needs to function; a lot of users will block internet/phone etc. access and break the application. Google and the app developer will then get bombarded by complaints and help requests. Android will need to match or beat iOS in user friendliness; options that offer nothing to most users and cause negative user experiences aren't going to help do that.

I would like this functionality, even though I would rarely use it. I just don't think it would benefit Android in general.

Re:Mobile security (1)

Darkness404 (1287218) | more than 4 years ago | (#33637842)

No, I don't think that most users would block it, but it would allow you to have security without a closed ecosystem. For example, why would something like, say, a media player need access to my entire filesystem to play music when I could just limit it to read permissions on my music directory (and sub-directories). These things are what prevent security flaws and let you actually control your phone.

Plus, it would allow people without unlimited data plans to use an Android phone without wondering what it was doing in the background, etc.

Re:Mobile security (1)

Trufagus (1803250) | more than 4 years ago | (#33635254)

Google has hesitated to do it that way because it is very hard for developers to write their apps like that.

For the most part, the app has a certain set of requirements - that are clearly stated to the user - and without those requirements being satisfied the app can't run. You can't pick and choose which requirements you want to allow.

The most important requirements are access to personal data. If an app that has no business reading your e-mail lists shows this as a requirement then don't install it. Hopefully the developers will have to go back and remove that requirement.

Personally, I would only allow access to my personal data to apps that come from companies or people that I really trust.

Re:Mobile security (2, Interesting)

z.cliffe.schreuders (1698064) | more than 4 years ago | (#33636428)

I love to see comments like this, because that is what my research is designed to do. Make it easy for end users (or admin) to specify what an application is supposed to do, and the program is restricted to the behaviour that is needed to do those things. For example, so you can say "this program is a web browser and an email client". Then, if you like, you can give some app-specific details such as "I download stuff to this directory", or "I only want access to these hosts". Then the program cannot do anything beyond what would be expected of those types of programs. In case you are interested, a Linux implementation is available: http://schreuders.org/FBAC-LSM [schreuders.org]

Re:Mobile security (2, Insightful)

Mr_Silver (213637) | more than 4 years ago | (#33634868)

I've never had an email account hacked before, so I'm pretty convinced that some phone app has leaked my account details (as it's the gmail account tethered to my phone).

The problem is that when you install an application, Android gives you a big long list of things that the app wants to do. Whilst it sounds like a great idea, it gives no context as to why it needs those features and you only have two choices - accept that the application can do everything or don't install it. It's far too easy to sneak something into that list without people realising.

In the future, the OS should prompt the user that an application wants to do something (eg. accessing your address book) at the point it wants to do it and let the user decide whether or not to allow it - with an option to say "Always do this for [blah]" where [blah] could be "accessing contacts". It has the nice side effect of forcing application developers to design a UI which tells customers what they are trying to do so that they don't hit the "Deny" button as soon as the alert appears.

That way, people can run applications, test them and even use them without having to subject all their data to the mercy of the developers.

Re:Mobile security (1)

whisper_jeff (680366) | more than 4 years ago | (#33634922)

In the future, the OS should prompt the user that an application wants to do something (eg. accessing your address book) at the point it wants to do it and let the user decide whether or not to allow it - with an option to say "Always do this for [blah]" where [blah] could be "accessing contacts".

Is it just me or doesn't that sound an awful lot like Vista? And we know how popular Vista was...

Re:Mobile security (1)

Miseph (979059) | more than 4 years ago | (#33635200)

Yeah, and popular or not, that was one of the things Vista did right. That was an obvious thing people didn't like, so it was ripe for mockery, but at the end of the day Vista sucked because it screwed up a bunch of other, unrelated, things.

Re:Mobile security (1)

TheLink (130905) | more than 4 years ago | (#33636592)

The problem is that when you install an application, Android gives you a big long list of things that the app wants to do.

This is not a problem. This is a good thing. Google should perhaps group some of the more common lists and call them by friendlier names.

I have proposed a similar thing for ubuntu and other linux distros: https://bugs.launchpad.net/ubuntu/+bug/156693 [launchpad.net]

In the future, the OS should prompt the user that an application wants to do something (eg. accessing your address book) at the point it wants to do it

This would be annoying, and normal users are likely to still not make the right decisions.

For people who can't be bothered to read and understand the big long list of things that an app wants to do, what Google or whoever should do is to allow 3rd parties to audit and certify a given app for a given big long list of things it wants to do. To make it easy, Google could add a site/service/app that allows such 3rd parties to audit and certify/vouch for apps.

That way, you can say "I trust X to check the apps for me". You should also be able to optionally whitelist everything signed by X, so if an app and its list is certified by X, you don't get any prompts.

Say your parents, relatives and friends might trust you about this "IT" stuff, and so you go to the android app site, and check a particular app for them (going through the long list to see if it's reasonable), or a bunch of apps.

Or employees of Company B might get corporate phones which can only run apps certified by Company B (whose cert is installed in the phones/computers).
Or people might choose to trust apps certified by some IT security firm.

The benefit to Google? Google gets to know who are the informal "IT advisors" for various groups of people. This can be useful for advertisers.

Google might even allow entities to charge subscription for access to the certification advice, and take a cut from it.

This security model is definitely better than the current security model which antivirus software and normal people have to cope with:

The current model is: "given a computer program, without its source code or full inputs, figure out whether it would screw you or not".

Computer scientists should notice that at least with the "Halting Problem" you are given the source code and the full inputs, and even then it is still considered unsolvable for the general case.
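
The model in this post (a third party audits an app's permission list, signs a statement vouching for it, and devices whitelist everything signed by the certifiers they trust) can be sketched in a few lines. This is an added example, not code from Google, Android or the poster; the manifest fields, the certifier name and the package bytes are assumptions made up for it. The point worth noticing is that the signature covers the exact package hash and the exact, canonically ordered permission list: a later build that quietly adds a permission, or different package bytes, no longer carries the old certification, while the same permissions listed in a different order still verify.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Manifest is the "big long list" the app declares: identity, package hash and
// the permissions it requests. The field names are assumptions for this example.
type Manifest struct {
	AppID       string
	PackageHash [32]byte // SHA-256 of the package bytes
	Permissions []string
}

// canonical serialises a manifest deterministically so certifier and device
// sign and verify exactly the same bytes (sorted permissions, fixed separators).
func canonical(m Manifest) []byte {
	perms := append([]string(nil), m.Permissions...)
	sort.Strings(perms)
	return []byte(m.AppID + "\n" + hex.EncodeToString(m.PackageHash[:]) + "\n" + strings.Join(perms, ","))
}

// Certification is the certifier's vouching statement: "I, X, audited this
// exact package and consider this exact permission list reasonable".
type Certification struct {
	Certifier string
	Sig       []byte
}

// Certify is run by the third party (a trusted friend, Company B's IT
// department, a security firm) over the manifest they reviewed.
func Certify(name string, priv ed25519.PrivateKey, m Manifest) Certification {
	return Certification{Certifier: name, Sig: ed25519.Sign(priv, canonical(m))}
}

// TrustStore is the device's whitelist of certifiers, keyed by name.
type TrustStore map[string]ed25519.PublicKey

// Verify returns true only when the installed package and its permission list
// are exactly what a trusted certifier signed. Any change to the package bytes
// or to the permission set invalidates the certification, so the user would be
// prompted again instead of silently inheriting the old approval.
func (ts TrustStore) Verify(m Manifest, c Certification) bool {
	pub, ok := ts[c.Certifier]
	if !ok {
		return false
	}
	return ed25519.Verify(pub, canonical(m), c.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	pkg := []byte("constructed package bytes") // stands in for the real .apk
	m := Manifest{
		AppID:       "com.example.barcode",
		PackageHash: sha256.Sum256(pkg),
		Permissions: []string{"CAMERA", "WRITE_CONTACTS"},
	}
	cert := Certify("alice", priv, m)
	ts := TrustStore{"alice": pub}
	fmt.Println(ts.Verify(m, cert)) // true: exactly what alice vouched for
	m.Permissions = append(m.Permissions, "READ_CONTACTS")
	fmt.Println(ts.Verify(m, cert)) // false: the list grew since the audit
}
```

Whether the certifier is a relative, an employer or a paid service only changes which public keys sit in the trust store; the device-side check is the same.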

Re:Mobile security (1)

SuperQ (431) | more than 4 years ago | (#33636964)

The problem is the Android core has no way to magically know the context for why the app needs access to specific APIs. "Why would this barcode app need access to my contacts?" For one, you can include contact information in a barcode and it makes it easy to add contacts.

The real problem is that the API access controls are not fine grained enough. The barcode reader app should only have WRITE access to your contacts, not READ.

Users (like me) do NOT want to be continuously prompted for stupid "ARE YOU SURE!?" when running apps on a mobile phone... See Windows Vista. Agreeing to allow an app data access at install time is by far the least intrusive but still useful method I've seen for data protection.

Re:Mobile security (3, Interesting)

ptbarnett (159784) | more than 4 years ago | (#33634896)

I've never had an email account hacked before, so I'm pretty convinced that some phone app has leaked my account details (as it's the gmail account tethered to my phone).

Did you inadvertently reuse your email password somewhere else?

My wife had her GMail account compromised by a Nigerian IP address. I'm pretty sure it's because she used her email address and password to create a userID at a site publishing historical immigration records.

She's not reusing passwords anymore.

Re:Mobile security (1)

yakumo.unr (833476) | more than 4 years ago | (#33635192)

Did you inadvertently reuse your email password somewhere else?

nope. I'm careful to use letters numbers and extra chars too.

Re:Mobile security (1)

frying_fish (804277) | more than 4 years ago | (#33634918)

Slightly off topic I know but.... I have a HTC desire, and I experienced a very similar problem as you. Although I think I tracked down which app it was and got rid of it, wasn't fun having my gmail account spam all the mailing lists I'm a part of, but thankfully google blocked that quickly (and the two times it happened - the first app that I got rid of wasn't the culprit). Anyway, to my point. If you've bought an app in the market place, then wiping your phone doesn't mean you can't have that app anymore. It is tied to your google account that you bought the app with. I have on multiple occasions, for multiple reasons (mostly forgetting to have a gold card in while performing an OTA update, whoops), had to reflash my phone to earlier version and reupdate. On each occasion I have then been able to go back into the market, and redownload the apps I had bought previously, for no extra charge. Also, as a handy bonus, they seem to show up in your download section so you don't need to go searching for them all again. Hope that helps you out.

Re:Mobile security (1)

yakumo.unr (833476) | more than 4 years ago | (#33635224)

I was sure that there would be no repurchasing necessary, it's just a hassle to make a list of what to get again, and the time it takes to reinstall them all. Especially frustrating when having no idea which app was the culprit.

It's not like you can install one app then sit around and wait a few months to see if anything untoward happens before installing the next one to test.

Re:Mobile security (1)

Mr.Mustard (58247) | more than 4 years ago | (#33636438)

You may be able to use an app like appbrain to easily reinstall the apps you have now. I do not know for sure, as I have not tried it, but it may be an option worth looking in to. I think there may be a way to get appbrain to selectively move apps over from the old configuration to the new one and, if properly configured, automatically install them. Again, do your own research to be sure.

The tricky part is making sure you have a copy of any data/configuration you wanted to keep.

Re:Mobile security (1)

Jurily (900488) | more than 4 years ago | (#33634952)

Your phone is too smart to be secure. Buy a $10 Alcatel.

That would require an Android pod touch (1)

tepples (727027) | more than 4 years ago | (#33635506)

Your phone is too smart to be secure. Buy a $10 Alcatel.

If I buy a dumb phone, then on what device will I run apps? Google hasn't officially opened the Market to Android devices other than phones.

Re:Mobile security (0)

Anonymous Coward | more than 4 years ago | (#33635664)

Hmm. My wife's Gmail account was hacked recently, but she does not have any Gmail access on her phone. We also checked her various machines for keyloggers/etc. and all of those were clean as well. The only remaining conclusion is that her password was guessed by some dictionary attack (in particular, a dictionary attack based on phrases.)

I doubt it was your phone, otherwise many many other people would have seen it as well.

Re:Mobile security (2, Informative)

IamTheRealMike (537420) | more than 4 years ago | (#33636714)

Hey,

I work on the Gmail team. What happened to you is not related to your use or purchase of an Android phone. In fact, the spammer that logged in to your account wasn't using a mobile phone at all. The reason the session shows up as from a mobile device in your recent activity console is that some popular spammer tools identify themselves to our servers as a mobile phone so that it is allowed to use the mobile HTML UI - presumably as it's easier for them to reverse engineer. But it's actually just a program running on a regular computer.

Passwords can be stolen through a variety of means. I suggest you read this post [google.com] in the Gmail support forum for more information on how it might have happened. The top three ways are phishing, keylogger viruses and re-using your Gmail password at other websites that then get hacked (this is very common).

In other words, you shouldn't need the Android anti-virus product and can uninstall it if you want. I have never heard of somebody being infected with an Android virus - just make sure to read the list of requested permissions and you should be OK.

Hope that helps and sorry to hear about your experience, but happy to hear we managed to block it!

Re:Mobile security (1)

SuperQ (431) | more than 4 years ago | (#33636884)

Correlation != Causation.

The only way for an app to get your gmail credentials out of your phone directly is if it asked for your gmail password.

Silly nerds... (3, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#33634720)

but it doesn't answer how it helps if an intruder is getting into Apps through a lost or stolen phone

When you lose your phone, the vast, vast, vast, vast majority of the time they just want to wipe your iPhone and sell it to the local pawn shop. They don't care about your data, your songs, your apps, etc. they simply see that shiny, new hardware = money. Same thing with laptops, they don't care about the data on it, they want to wipe "that funny looking OS" off of it and put a pirated copy of XP on there and sell it on eBay.

The idea that stolen gadgets are going to be used for something beyond simple hardware really overestimates either your value of data or the intelligence of thieves.

Re:Silly nerds... (2, Interesting)

ibsteve2u (1184603) | more than 4 years ago | (#33634772)

You refer to a time from before the day Google incentivized the stealing of phones by making them [a] key to business espionage.

Re:Silly nerds... (1)

Nick Ives (317) | more than 4 years ago | (#33637860)

Google is late to that party: Blackberry and iPhone had full Exchange support before Android.

Anyway, Exchange allows admins to do a remote wipe, does it not?

Are you suggesting (1)

georgeb (472989) | more than 4 years ago | (#33634774)

... that Paris Hilton lied when she said those pictures were obtained from her stolen phone?

Re:Are you suggesting (1)

Darkness404 (1287218) | more than 4 years ago | (#33634834)

I'm suggesting that none of the readers of /. are Paris Hilton.

Yeah, if you are a celebrity, people are going to look through your cell phone. But I'm not a celebrity, I don't think you are and neither is most of /. (I don't think that the average person cares to look through Linus Torvalds' cell phone) and this idea that our data is somehow awesomely valuable to the average person and would be stolen is a bit too much of ego. No one cares about your source code to yet another text editor, no one cares about pictures of your cat, no one really cares about your high score on Galaga, they do however see a nice Droid/iPhone/BlackBerry phone and know that they can sell that for a few extra bucks.

Re:Silly nerds... (1)

camperdave (969942) | more than 4 years ago | (#33634820)

When you lose your phone, the vast, vast, vast, vast majority of the time they just want to wipe your iPhone and sell it to the local pawn shop.

How did my phone magically become an iPhone?

Re:Silly nerds... (1)

Confusador (1783468) | more than 4 years ago | (#33636380)

A wizard did it. You dare underestimate the power of Jobs?

Re:Silly nerds... (1)

xtracto (837672) | more than 4 years ago | (#33635598)

Nope...

When you lose your phone (nowadays), the vast majority of thieves want to look at your pictures and videos to see if you have some interesting (aka pr0n) stuff there.

Some people are so stupid as to even use the phone (some of them actually buy a new chip!).

Believe me, I know the nature of these kind of thieves. During my high school I was friends with some of them.

How many factors are secure? (4, Insightful)

thethibs (882667) | more than 4 years ago | (#33634742)

but it doesn't answer how it helps if ...

Judgecorp should wait until after second coffee to post.

What happens when an attacker has both factors in a two-factor situation is that security is breached. The same applies for any number of factors.

The objective is to improve security, nothing can guarantee it. No "answer" is needed.

(.....)

Re:How many factors are secure? (1)

140Mandak262Jamuna (970587) | more than 4 years ago | (#33635234)

What happens when an attacker has both factors in a two-factor situation is that security is breached. The same applies for any number of factors.

The objective is to improve security, nothing can guarantee it. No "answer" is needed.

(.....)

Most (grown) people are unfamiliar with passwords and all their implications. They reuse passwords, they never change their passwords and they make up extremely simple passwords. But most people are aware of the value of the cell phone and they will notice it if they lose it. So to that extent it will help. Of course the validation code from Google should not identify the google account in the text message. Else, anyone who finds your lost cell phone could potentially hijack your account.

Re:How many factors are secure? (1)

leuk_he (194174) | more than 4 years ago | (#33635240)

Go for 3 factor?

-Something you know. (password)
-Something you have (phone)
-Something you are (voice print)

and make them more secure:
-Password contain 20 chars
-A one time pad that generates new password every 10 minutes.
-Retinal laser scan combined with fingerprint scan.

By the way, loosing you phone does not loose your account, you will need to loose the password or some other secret as well. And even then you will have to need to trust the maintainers of the server.

Re:How many factors are secure? (1)

xtracto (837672) | more than 4 years ago | (#33635696)

By the way, loosing you phone does not loose your account, you will need to loose the password or some other secret as well. And even then you will have to need to trust the maintainers of the server.

There's a joke about setting your phone free, liberating your account and relaxing your password around there.

Other than that I like your idea of your 3 factor password, but ONLY if it could be used to login in to ALL internet services.

Actually that is something achievable with open source. If you set up a "trusted server" to which you can connect (using your 3 factors) and then that server automatically logs in/redirects you to all the services you use. That might be doable using VNC or the like... I only have to figure out scripts that log you in to Facebook, GoogleApps, Slashdot, HostelWorld, etc. each time you log in to your trusted server.

Re:How many factors are secure? (1)

zindorsky (710179) | more than 4 years ago | (#33635756)

What happens when an attacker has both factors in a two-factor situation is that security is breached.

Fuck everything, we're going to 5 factor security.

Good Idea (1)

Striikerr (798526) | more than 4 years ago | (#33634808)

Two factor authentication is the way to go. Sending a code to your phone is a great idea as cell phones / smart phones are very much a commonplace item in a user's inventory. Relying upon passwords alone is incredibly risky and should be augmented by a second form. This generally comes down to a physical special-use hardware token, or better yet, a cell phone that the code is sent to instead. I know that this feature is available to World of Warcraft users (via the iPod / iPhone apps) and many banks have this as an option for online banking. The complaints revolving around losing one's cellphone are pointless. Yes, it compromises the second layer of authentication but the intruder would still need the initial password. The point is, it's a huge step forward in terms of security and should be adopted by anyone who is concerned about someone else capturing / guessing their password and accessing files etc.

Re:Good Idea (1)

rhsanborn (773855) | more than 4 years ago | (#33635038)

I bet many people will sign up for it, and less than 10% will stick with it, because it's inconvenient. About the 4th time they have to dig through their bag to find their phone so they can log in and check their email, they'll disable it. I do like the ability however, perhaps they could even sell it as a service to banks, etc, where people might not be so averse to the extra steps.

It's only a problem for Apple employees (1)

Overzeetop (214511) | more than 4 years ago | (#33634924)

...and they don't use Google apps, right?

For the rest of us, though... (1)

Just Some Guy (3352) | more than 4 years ago | (#33635012)

it doesn't answer how it helps if an intruder is getting into Apps through a lost or stolen phone.

Nor does it handle lost luggage, traffic jams, or slow-pouring ketchup. Yes, we all bow to your cleverness at identifying situations that it doesn't address, but in the 99.9999% of other situations, it's a nice bonus.

Nor does it help... (1)

itsdapead (734413) | more than 4 years ago | (#33635032)

but it doesn't answer how it helps if an intruder is getting into Apps through a lost or stolen phone.

Nor does it help if your employees are disclosing your secrets at gunpoint while simultaneously receiving the oral attentions of Halle Berry.

But what it does do is what it says on the tin: prevents people getting in to your apps by guessing a user's password is "swordfish" (or "joshua" or "kronos" or "peekaboo" or the cat's birthday) or otherwise phishing or sniffing it.

1 + 1 = ? (1)

horza (87255) | more than 4 years ago | (#33635210)

I don't think judgecorp can count. The idea of the 2 step authentication is that there are two steps. This means that just having your password is not enough. It also means that just having your mobile phone is not enough either.

This means that if somebody steals your phone, they still can't get in as they don't have your password.

Phillip.

Seriously? There is no question. (0)

Anonymous Coward | more than 4 years ago | (#33636934)

What do they mean "it doesn't answer the question..." about if someone has your phone. If they have your phone, duh, it won't help. Then again, they will probably not need google apps, since they can use the native mail applications (if it's a smartphone at least), and have all your data that's on the phone.
