After making two-step authentication the default, Google account hacks decreased by half
Google announced two-step verification for its two billion users on World Password Day (May 6, 2021). However, what exactly is two-step verification and how does it work?
We need to understand the principle behind two-factor authentication as more websites, applications, and games implement it as part of their login processes. When we talk about authentication factors, we're talking about three different types of authentication methods:
- Something you know: Passwords and one-time PINs, sometimes known as OTPs, are examples of knowledge-based factors.
- Something you have: This is a separate, actual item, such as a USB token or a smartphone authentication app.
- Something you are: Biometrics, such as your fingerprint, a retinal scan, facial ID, and so on, are examples of inherent factors.
So, two step verification, or 2SV, is an identity verification mechanism in which an authorized user must complete two stages in order to properly authenticate. After this approach was launched by Google, a research says that it observed 50 percent decrease in accounts being hacked by a phishing group or an individual. The concept demonstrates the capacity of a tech giant like Google to provide security by default, and it fits into a multi-year effort to drive consumers towards a more secure network model, with the ultimate goal of eliminating passwords.
In 2018, a Google engineer discovered that more than 90% of active Gmail accounts were not using two-factor authentication, raising questions about why the company didn't make the process mandatory. Since then, the company has been working to make 2SV the default option for a larger number of user.
Despite the fact that the number of web services that enable two-factor authentication has continually increased, user acceptance remains low. Twitter, which introduced two-factor authentication in 2013, reported that only 2.3 percent of active accounts had activated it by 2020, whereas Facebook's adoption rate was over 4% in 2021.When two-factor authentication is used, the most common method is to send one-time codes by SMS, which security experts believe is the most vulnerable to interception. Two-factor authentication should ideally use a mobile app, such as Google Authenticator or Authy, or a physical device, such as a hardware security key to maximize the security.
Comments
Post a Comment