Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Is Finally Making Two-Step Verification Less Annoying (theguardian.com)

Posted by msmash on from the security-measures dept.

Google, which first introduced two-factor authentication about five years ago, is now making it a little easier to utilize this security measure. Instead of users having to manually enter a code that they received in a text message, they will now see a prompt message that only requires them to tap on the phone to approve login requests. The feature will be available on Android as well as iOS soon. The Guardian reports: You do have to turn this service on even if you already use two-step. To turn it on you need to first login to Google and then go to My Account > Sign-in & security > Signing in to Google > 2-step Verification. There you will have options to turn on two-step verification, add Google prompt as an extra form of authentication or replace your existing two-step method. Google isn't the first to use notifications as a method of login verification, both Twitter and Facebook allow users to confirm logins using notifications from their respective smartphone apps. But even they require entering the app, viewing the alert and tapping confirm. Google's one-tap confirm is much faster.

11 of 136 comments (clear)

  1. Why would I want 2 step by Anonymous Coward · · Score: 2, Insightful

    And why on God's green earth would I want to give Google my telephone number?

    1. Re:Why would I want 2 step by Anonymous Coward · · Score: 5, Insightful

      You really think they don't have it already?

      That's... cute.

    2. Re:Why would I want 2 step by Jawnn · · Score: 4, Insightful

      Actually, my phone number is one of the things I would most trust Google with. Unlike all that web data Google has on me, there are long established regulations that govern what an entity may and may not do with my phone number.

    3. Re: Why would I want 2 step by ikejam · · Score: 3, Insightful

      Perhaps so, but do consider this : if you have say a hundred friends (a fair percentage of whom will be using android ) who have you in their contacts, ( not them in yours which ofcourse is under your control) , it would be trivial for Google to know your contact number with a high level of certainty

    4. Re:Why would I want 2 step by CrimsonAvenger · · Score: 3, Insightful

      I take it that a "Telephone Book" is a strange idea where you come from?

      Yes, I know they don't usually do them for cell phones, but there isn't a really good reason why the notion should be outrageous or anything....

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
  2. Perhaps I'm the only one by 93+Escort+Wagon · · Score: 4, Insightful

    But I don't find SMS two-factor with to be particularly burdensome. It's simple, it works, and it relies only on a de-facto standard method of communication that pretty much everyone already has access to - no vendor lock-in required.

    --
    #DeleteChrome
  3. Re:A Google App? by cryptizard · · Score: 3, Insightful

    I'm not sure you understand what this does. You might as well say how long do you think it will take for someone to make a fake Gmail app that steals your Google password? Or any other service for that matter? It is a completely orthogonal question to this topic.

  4. Re:Oh joy - more clickthrough. by Qzukk · · Score: 4, Insightful

    But how else am i going to watch tits.avi.scr.js.jpg.exe.com if I don't click Allow?!

    BTW, how many more versions of windows will continue to "hide extensions for known file types"?

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  5. Worse security by WPIDalamar · · Score: 4, Insightful

    This is probably way worse security for the techno-illiterate.

    Attacker enters password.
    Clueless user gets notification, taps it.
    Attacker is let in.

    Whereas before it would be:

    Attacker enters password.
    Clueless user gets a number that they don't know what to do with
    Attacker is not let in.

  6. Nobody has a hundred friends? by maggard · · Score: 4, Insightful

    I do. I'm nearly 50 years old, have lived in several places, have worked at a number of jobs over the years, had multiple romantic relationships in my life. I've made friends every year, in all of those places, through many diverse ways. Are all of the folks I've friended currently on my short list? No. But that list of a dozen close friends has evolved over time with new ones entering and others dropping off as we move about, go through various stages of life, some have died, etc. But they have my phone number. I have theirs. I may also have their closest friends or family members phone numbers. That adds up to well over a hundred people. And while I'm social I'm nobody compared to some of the butterflies I know. More than two people for every year of life? Those gregarious folks get, and use, that many numbers in a night on the town. No, for most of us non-hermetic folks I'd guess a hundred friends or more is entirely unsurprising.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
  7. Re:Oh joy - more clickthrough. by friedmud · · Score: 3, Insightful

    While I think this is a good idea... I can kind of understand what he's saying.

    Imagine this:

    1. Bad guys steal password
    2. Bad guys go to gmail.com and enter password
    3. Good guy receives notification that approval is needed for a login
    4. So used to just clicking Approve for this notification the good guy clicks Approve... and the Bad guys are in.

    That scenario couldn't happen with a pin code being sent... because the Bad guys would not receive the pin code and the Good guy wouldn't have anywhere to enter the pin code...

    I agree that it's pretty boneheaded... but the point of the parent is that we're all so used to clicking OK/Approve (and we REALLY will be if every website requires this kind of authentication) that many normal people might accidentally click Approve for bad requests...