Google's 2-Step Authentication Update Simplifies Sign-On

...

Register for this webinar and get a better understanding of the impact of malvertising and ransomw

To encourage more users to practice some form of two-factor authentication when they log in to Google accounts, the tech titan has made the process easier with its latest update.

Google has updated its two-factor verification process in a move to simplify the steps users need to take to log in to their Google accounts.

Google, which according to The Verge has supported two-factor authentication for more than five years, has added a feature that allows users to tap one of two prompt son their smartphones that say: "Yes, allow sign-in," or "No, deny sign-in" to approve or deny login requests.

The feature is a simpler option than existing methods of (1) having Google text a code, or (2) requiring users go to a Google random code generator app and enter its characters into an account site. Google will continue to offer those two-step authentication methods alongside its latest security feature update.

Users with an Android phone will need to have the latest version of Google Play Services loaded on their device to use the Google two-factor authentication prompt. Apple iOS users will need to install the Google search app on their iPhones to use the new security feature.

But whether this simplification will succeed in enticing more users to beef up security by using two-factor authentication has yet to be seen. However, it may be a good start.

"In my view, this change will allow more users to enroll and take advantage of the two-factor authentication. Many users will refuse to open an app and enter a code [because of] too much friction, but hitting a key similar to a phone notification that everyone is used to might just remove enough friction to start a mass enrollment for many folks with smart phones.

"If Google ever moves toward making this the default behavior once they detect [...] the type of phone, [...] I believe it could drastically reduce account takeover and increase [the] security of Google offerings," Scott Carlson, technical fellow at security firm BeyondTrust, told InformationWeek.

[See 10 Stupid Moves That Threaten Your Company's Security.]

He noted that this form of two-factor authentication is technically similar to the push notifications and texts that banks have successfully used for years, and that a few single-sign-on providers are starting to allow their customers to use it.

"It appears that most consumers and employees trust their smart device now, and if Google starts to see, and publishes positive adoption numbers, I believe we will see many internet-based service companies moving toward this model where they prompt a user before logging in," said Carlson.

Still, some may note that enterprises should not necessarily view two-factor authentication as a security silver bullet, and point to the need for companies to consider how their systems are designed and built.

Categories
APPLICATIONS
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    I Miss the Moto Z Play

    The timing of this might be odd, or maybe it’s because the unlocked and DROID versions of the Moto Z Play both received Nougat updates this week, but man, I miss this phone.I haven’t used a Moto Z Play since reviewing it in September, yet I’m incredibly close to buying the unlocked version and overnighting the damn thing.
  • 5300c769af79e

    LG, the only dark horse to break the Apple-Samsung landscape -

    With Optimus G, LG achieved the smartphone trifecta, delivering powerful hardware, a unique user experience and superior appearance.With such massive shifts and distractions in the market, LG focused its efforts on perfecting its craftsmanship to create industry-best devices.
  • 5300c769af79e

    Advanced Endpoint Protection: When Should an Enterprise Move to AEP?

    Download Advanced endpoint protection (AEP) products are still relatively immature, which makes it difficult to decide whether to replace or augment existing endpoint protection (EPP).Adding to the difficulty is assessing AEP products is the fact that measuring some of their features can be complicated.
  • 5300c769af79e

    Live Demo: Office 365 Provisioning Deep Dive

    Since the release of Office 365 five years ago, many of the “easy” Office 365 migrations have been completed.Customers migrating to Office 365 now have much more complex requirements, such as having to work around unique user access and governance challenges that may involve their employees, customers, partners and providers.