Dive Brief:
- Google announced plans to revamp its two-step verification (2SV) process and replace one-time codes sent via SMS with prompts that appear on a user's smartphone, according to the company.
- The change comes after an increase in attacks that have allowed hackers to take over mobile phone numbers, receive one-time codes sent via SMS, and break into accounts. Google says it plans to start rolling out the new approach this week.
- Google's new approach is to show a prompt on a user's phone asking the account owner to approve login requests. Users can authorize a login request with the tap of a button, with no code needed.
Dive Insight:
Google streamlined its 2-factor sign-in prompts just last summer. Now it appears it wants to take SMS out of the equation. It's all part of the constant security adjustment companies must now make as hackers figure out new ways to outsmart security systems.
This change provides a greater level of confidence for users, but with this and other security measures, administrators and users must do their part.
Many companies are working on solutions to help eliminate the traditional password, and mobile phones are increasingly part of the solution. In April, Microsoft revealed phone sign-in for Microsoft accounts, a new sign-in feature that the company says will eliminate the traditional password and "is easier than standard two-step verification and significantly more secure than only a password."
Traditional passwords are easily forgotten and easily stolen. More than three billion user credentials and passwords were stolen in 2016, according to a report from Thycotic and Cybersecurity Ventures.