Google announced that its two-step authentication service will be receiving an update. The update is meant to make the authentication process simpler and easier, but also much safer.
Presently, the two-step authentication process consists of an SMS being sent to the registered number of a user whenever a login attempt with the correct username and password is made. The SMS contains a six-digit authentication code, which must then be entered in order to allow access.
The current two-step authentication service means that even if hackers have the user’s account and password, they will not gain access because they do not have the user’s smartphone, a device which the majority of people keep close to them and which has additional safeguards as well.
There are several databases with usernames, e-mails, and passwords that were either datamined, hacked, or just leaked. A strong password usually contains lowercase letters, uppercase letters, numbers and one symbol. The majority of users have one password which they use for several accounts, and they rarely change it.
Nevertheless, hackers realized that they do not need the user’s phone to receive the two-step authentication SMS. All they have to do is call the phone network’s customer service, pretend they are the user, and have the user’s number transferred to a SIM that they have in their possession.
In order to claim that they are the user, hackers will be required to have the user’s social security number, a piece of data that has repeatedly been proven to be easily obtainable in a multitude of illicit ways.
All phone networks have the option of adding an extra security feature, such as a spoken password or PIN, but it is not implemented by default, and users do not often consider being so thorough when it comes to the security of all their accounts.
Google’s new two-step authentication will no longer send an SMS. Instead of a six-digit secondary authentication code via SMS, users will now be prompted with a notification. Whenever anyone attempts to connect to a protected account with the correct username and password, the user’s smartphone will display the notification and give the user a simple Yes/No prompt.
The authenticator is a different app with a different unique retrieval serial key. Hackers will not be able to gain access to accounts just by changing the user’s SIM number to one of theirs via illicit customer service manipulation. To gain access, they would need the user’s phone.
All Google users are advised to install the new two-step authentication app once it becomes available in their region. It is safer than the old version, easier to set up, and quicker to use.