Internet users should be wary of the different online vulnerabilities brought by the surge of hacks and exploits.

Recently, the Heartbleed bug made headlines when it struck the prominent and widely used Web sites like Yahoo, Facebook and Google. The affected Web sites released patches and asked their customers to change their passwords for uninterrupted and safe service. The bug showed how widespread and susceptible the problem was.

Google has come up with a solution to counter this problem. The search giant implements a security measure that automates the two-step authentication process for users of Google Apps services. This feature demands the Gmail account users to enter their account password and a unique verification code sent to the registered mobile device to login to the account.

If an unauthorized person tries to access a user account, Google will automatically pose a "Login Challenge" to the user to ascertain the legitimacy of the user. This process ensures that no unauthorized person can log into other user accounts even if they figured the username and the password.

Google already offers a dual-factor authentication feature. But the user has to sign up for this feature to take effect. This login challenge feature is automatic. Upon detecting a fishy login, Google will pose a challenge to the user by asking the person to enter the verification code sent to his registered mobile number.

Although Google did not explain how the company is going to identify "fishy logins," the Web site did say that the company will use the "patterns of the user login from the past" to identify suspicious users. Other than this, providing incorrect passwords consecutively will also trigger this login challenge.

The login challenge can be disabled with the help of Google Admin console. This option will be very handy when the genuine account holder is not able to login to the account. Also, he has no signal on the phone to receive the verification SMS from Google. Upon disabling this option, the login challenge will be disabled for a period of 10 minutes so that the account holder can log in.