
July 15, 2017

Google wants you to upgrade to (its) better two-factor authentication

by John_A

Two-factor authentication is still the best way to keep yourself safe from password breaches, but some 2FAs are better than others.

Two-factor authentication has had a bad couple of weeks. Not only was a prominent developer, Justin Williams, forced to defend a phishing attack against him to PayPal and AT&T, but it’s becoming increasingly clear that SMS-based two-factor authentication is a new attack vector.


Google is doing something about that: since SMS-based two-factor authentication is more susceptible to phishing attacks (someone could potentially intercept a text message or clone a SIM card, as happened with Williams), the company wants people to switch to prompt-based verification:

Starting next week, 2-SV SMS users will see an invitation to try Google prompts when they sign in. The invitation will give users a way to preview the new Google prompts sign in flow instead of SMS, and, afterward, choose whether to keep it enabled or opt-out.

Overall, this is being done because SMS text message verifications and one-time codes are more susceptible to phishing attempts by attackers. By relying on account authentication instead of SMS, administrators can be sure that their mobile policies will be enforced on the device and authentication is happening through an encrypted connection.

Basically, prompt-based verification is secure and cannot be intercepted, since it runs through Google Play Services. The only way this could potentially be a security issue is if someone steals a phone that is registered to accept 2FA prompts from Google, but it’s really easy to deregister a device from any web browser should that unfortunate event occur.

Two-factor authentication: Everything you need to know
