A key part of being an Apps Admin is knowing all there is to know about Google Apps System Access and Authentication. These two topics are closely-interrelated, and in this post we'll be discussing Login challenges and how they differ from 2SV, or 2-Step Verification.
A Login Challenge is presented whenever a user attempt sto sign in from an unusual location, or under suspicious circumstances. In these cases, Google wants to verify their identities. To do this, they require either a verification code or a question. The first one, verification code, gets Google to send them a text message or automated call. (There's also the option for the user to simply enter their phone number.) The second asks them what city they usually sign in from. Users can be presented with either of these Login Challenges when signing in in an unusual way.
While these are okay as verification tools, they aren't the best offered by Google Apps System Access and Authentication. For that, you want to turn to 2SV.
2SV is short for 2-Step Verification, and it's performed on every sign-in, not just a few that seems suspicious to Google. There's many potential breaches that can be made without triggering Login Challenges, including signing in in the same location or even using one of the user's computers. To plug up these security holes, the best thing to do is to enable 2SV.
2SV works similarly to the first Login Challenge. Instead of sending a text or an automated phone call, though, a user simply gets a notification on their phones asking them to verify their sign-in attempt with just one press of their thumb. It's quicker, it's easier, and it gets applied to every new sign-in, as opposed to just a few in the wild. (It's also important to make sure that your employees aren't enabling to stay signed in on their machines- every sign-in should be fresh to work properly with 2SV!)
Setting up 2SV will ensure that you're meeting the highest standards in Google Apps System Access and Authentication. Your users will need smartphones- Android or iOS- that support the Google Authenticator Mobile App. To enable 2SV for your domain, simply go to "Basic settings" in Security in your Admin console, This will allow you to check "Allow users to turn on 2-step verification". After this, you'll want to make sure all qualifying users will enable it and practice the right security practices.
To learn more about Google Apps System Access and Authentication, as well as other enterprise cloud applications, feel free to read our blog for more posts like these. If you're based in or around Austin, Texas, you can also contact us at Coolhead Tech for a free consultation!