Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Is Finally Making Two-Step Verification Less Annoying (theguardian.com)

Posted by msmash on from the security-measures dept.

Google, which first introduced two-factor authentication about five years ago, is now making it a little easier to utilize this security measure. Instead of users having to manually enter a code that they received in a text message, they will now see a prompt message that only requires them to tap on the phone to approve login requests. The feature will be available on Android as well as iOS soon. The Guardian reports: You do have to turn this service on even if you already use two-step. To turn it on you need to first login to Google and then go to My Account > Sign-in & security > Signing in to Google > 2-step Verification. There you will have options to turn on two-step verification, add Google prompt as an extra form of authentication or replace your existing two-step method. Google isn't the first to use notifications as a method of login verification, both Twitter and Facebook allow users to confirm logins using notifications from their respective smartphone apps. But even they require entering the app, viewing the alert and tapping confirm. Google's one-tap confirm is much faster.

3 of 136 comments (clear)

  1. Re:Why would I want 2 step by __aaclcg7560 · · Score: 3, Informative

    Two-factor authentication is based on what you know (your password) and what you have (your cellphone). If script kiddies tries to hack into your account by guessing your password, they will still need your cellphone before they can log into your account.

  2. Re:I am not sur this is an improvement by GIL_Dude · · Score: 4, Informative

    So, this is an improvement because it is just one step of the process. If it fails (due to the no data connection issue you mention), you just click to use another method and it fails back to the previous text message option. So no real downside on that count. The biggest drawback I have hit with it is that Google won't let you use both this new method and a hardware security key (I was using a Yubikey). You have to remove the hardware security key from your account in order to add this new method. That's really a bummer because the hardware keys didn't rely on your phone at all. You just have a small USB key that you pop into the computer and press a button when prompted.

  3. Re:Why would I want 2 step by __aaclcg7560 · · Score: 3, Informative

    And how exactly does it work if I do not have a cellphone?

    Google recommends these security tokens in the US as an alternative.

    https://support.google.com/accounts/answer/6103523?hl=en
    https://www.amazon.com/s/?field-keywords=%22FIDO%20U2F%20Security%20Key%22