Google confirms new powerful update for secure authentication for millions of users
As you know Google has been working on Android Based SMS services for almost a decade but due to the default apps of Android smartphone companies like Samsung, Vivo, etc, and smartphones based in China have become the main reason for their downturn. In today’s era, we have encountered multiple scams going around us like hacking SMS codes for stealing Bank money and much more. Hackers use multiple malware, ransomware techniques to enter into our devices and get those SMS codes that help them for gaining bank, social, and multiple accounts access.
Well, this issue has been leading to many reasons, delivering an SMS to a phone number without any user authentication like biometric or passcode security measures protect our physical devices, not our numbers, they are separate.
This opens us up to SIM-swapping, to social engineering scams to steal those six-digit codes, to malware that captures and exfiltrates screenshots of incoming messages. For all those reasons, and more, the advice is now to avoid SMS-based 2FA if you can. So, if you can tie 2FA to the biometric or passcode security of a known device, then that’s a vast improvement. However, Apple does this brilliantly and Google is fast making this the default as well.
In a blog post on June 16, Google confirmed “Starting on July 7 we will make phone verification prompts the primary 2-Step Verification (2SV) method for all eligible users.” Their plan fundamentally is to switch Google account holders to this setting, forestalling the majority, essentially defaulting to an SMS message or voice call.
Meanwhile, there’s a drawback with this too, all devices a user is logged into will receive the prompt, and that will require some rejigging for families sharing devices. Furthermore, users who have security keys won’t see a change. The phone prompt doesn’t work for the user, they can get away to an SMS during the verification process—however, Google doesn’t recommend this. This move is both progressively secure and simpler, “as it avoids requiring users to manually enter a code received on another device.”
There will be users out there who have not yet opted for 2FA at all, your accounts are basically wide-open. Research has shown that any form of 2FA removes more than 90% of the risk of a successful account compromise.
So what is your take on this move by Google? Do mention your views in the comment section below. For more news on tech and cybersecurity subscribe to our newsletter from here