It was all going so well for Eran Fegenbaum, the director of enterprise security at Google. He was on the London leg of his European tour, keen to tell journalists about Google and its fantastic array of web-based applications.

Companies signing up for the service, he said, could expect high levels of security because the Google people have the economies of scale to handle all those annoying things, such as system patches, that trip up users of in-house systems.

It’s a compelling business case, but as someone mentioned, security in the cloud does hinge on having good levels of authentication at the user end. With all the data in one place, you need to be sure that only the right people can access it. No problem, said Feigenbaum, Google was now supporting two-factor authentication to allow users to tighten things up.

That’s great news. So was he using 2FA himself, someone asked? Simple question, you ‘d think.

“I can’t comment on that,” he replied, his fulsome smile momentarily slipping.

Why not? Just saying yes or no would hardly open him up to the world’s hacker community.

“Let me answer that in a different way,” he pleaded, going on to explain that any new features that Google comes up with are tried out internally - they like to eat their own ‘dog-food’, he said.

Yes, but that hardly answered the question. Nevertheless, by now looking decidedly uncomfortable and looking to his colleagues to help him out ( they didn’t), he refused to say more on the matter.

Leaving the assembled hacks to conclude that Google’s head of security just uses username and password. Of course, that would be complete speculation….