In September 2010, Google also introduced a strong authentication mechanism, which further increases end-user security by requiring users to enter a 6-digit code every time they log in. This 6-digit code is generated on the fly. This provides a solution to an old problem: the user/password protection is based only on the possession, by the user, of the knowledge of secret information, namely the password. Strong authentication requires moreover possession of a unique object, like a cell-phone with a specific number.

We discuss this strong authentication mechanism in more detail in section 8.2.4.