Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Is Finally Making Two-Step Verification Less Annoying (theguardian.com)

Posted by msmash on from the security-measures dept.

Google, which first introduced two-factor authentication about five years ago, is now making it a little easier to utilize this security measure. Instead of users having to manually enter a code that they received in a text message, they will now see a prompt message that only requires them to tap on the phone to approve login requests. The feature will be available on Android as well as iOS soon. The Guardian reports: You do have to turn this service on even if you already use two-step. To turn it on you need to first login to Google and then go to My Account > Sign-in & security > Signing in to Google > 2-step Verification. There you will have options to turn on two-step verification, add Google prompt as an extra form of authentication or replace your existing two-step method. Google isn't the first to use notifications as a method of login verification, both Twitter and Facebook allow users to confirm logins using notifications from their respective smartphone apps. But even they require entering the app, viewing the alert and tapping confirm. Google's one-tap confirm is much faster.

8 of 136 comments (clear)

  1. Re:Why would I want 2 step by Anonymous Coward · · Score: 5, Insightful

    You really think they don't have it already?

    That's... cute.

  2. I am not sur this is an improvement by Anonymous Coward · · Score: 5, Interesting

    I like the current setup as it does not require my phone to have a data connection. Not everywhere I have a computer connected to the internet do I have wifi available. The app generating a code seems more flexible in my opinion.

    1. Re:I am not sur this is an improvement by GIL_Dude · · Score: 4, Informative

      So, this is an improvement because it is just one step of the process. If it fails (due to the no data connection issue you mention), you just click to use another method and it fails back to the previous text message option. So no real downside on that count. The biggest drawback I have hit with it is that Google won't let you use both this new method and a hardware security key (I was using a Yubikey). You have to remove the hardware security key from your account in order to add this new method. That's really a bummer because the hardware keys didn't rely on your phone at all. You just have a small USB key that you pop into the computer and press a button when prompted.

  3. Perhaps I'm the only one by 93+Escort+Wagon · · Score: 4, Insightful

    But I don't find SMS two-factor with to be particularly burdensome. It's simple, it works, and it relies only on a de-facto standard method of communication that pretty much everyone already has access to - no vendor lock-in required.

    --
    #DeleteChrome
  4. Re:Why would I want 2 step by Jawnn · · Score: 4, Insightful

    Actually, my phone number is one of the things I would most trust Google with. Unlike all that web data Google has on me, there are long established regulations that govern what an entity may and may not do with my phone number.

  5. Re:Oh joy - more clickthrough. by Qzukk · · Score: 4, Insightful

    But how else am i going to watch tits.avi.scr.js.jpg.exe.com if I don't click Allow?!

    BTW, how many more versions of windows will continue to "hide extensions for known file types"?

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  6. Worse security by WPIDalamar · · Score: 4, Insightful

    This is probably way worse security for the techno-illiterate.

    Attacker enters password.
    Clueless user gets notification, taps it.
    Attacker is let in.

    Whereas before it would be:

    Attacker enters password.
    Clueless user gets a number that they don't know what to do with
    Attacker is not let in.

  7. Nobody has a hundred friends? by maggard · · Score: 4, Insightful

    I do. I'm nearly 50 years old, have lived in several places, have worked at a number of jobs over the years, had multiple romantic relationships in my life. I've made friends every year, in all of those places, through many diverse ways. Are all of the folks I've friended currently on my short list? No. But that list of a dozen close friends has evolved over time with new ones entering and others dropping off as we move about, go through various stages of life, some have died, etc. But they have my phone number. I have theirs. I may also have their closest friends or family members phone numbers. That adds up to well over a hundred people. And while I'm social I'm nobody compared to some of the butterflies I know. More than two people for every year of life? Those gregarious folks get, and use, that many numbers in a night on the town. No, for most of us non-hermetic folks I'd guess a hundred friends or more is entirely unsurprising.

    --
    I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.