Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google To Replace SMS Codes With Mobile Prompts in 2-Step-Verification Procedure (bleepingcomputer.com)

Posted by msmash on from the interesting-moves dept.

Starting next week Google will overhaul its two-step verification (2SV) procedure and replace one-time codes sent via SMS with prompts shown on the user's smartphone. From a report: This change in the Google 2SV scheme comes after an increase in SS7 telephony protocol attacks that have allowed hackers to take over people's mobile phone numbers to receive one-time codes via SMS and break into user accounts. The rollout process for this feature is scheduled to start next week when Google will invite users to try mobile prompts instead of receiving a one-time code via SMS. Users need an Internet-connected smartphone to use this feature. Every time users will try to log in, Google will show a prompt on their phone asking the account owner to approve the login request. There's no one-time code that users have to fill in, and users can authorize a login request with the tap of a button.

4 of 181 comments (clear)

  1. Terrible editors by Anonymous Coward · · Score: 2, Insightful

    I know stories are posted farther apart at night, but it's embarrassing to have stories three hours apart on a weekday afternoon. These editors suck. There used to be a lot of pornographic fiction involving Slashdot editors. I'd like to see what you guys can come up with to explain why the editors weren't posting stories.

  2. Re:My iPhone is somewhere else... by jason2971 · · Score: 3, Insightful

    Then you aren't the target user. I doubt you even use 2FA, if you don't keep track of your phone. So this won't affect you.

  3. Re:My iPhone is somewhere else... by Misagon · · Score: 4, Insightful

    That exact use case - as an emergency phone in the car or summer cottage etc. - is why people still have "dumbphones" that can't run apps.
    Batteries in those can last for six months or more, where as a "modern" smartphone won't even last for a couple days when turned "off".

    --
    "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
  4. Re:And if one uses Thunderbird? by swillden · · Score: 4, Insightful

    I truly love it when Google sends me an email to my gmail account telling me that it didn't allow my device to log in to get my gmail because it was coming in from an unknown IP address. This truly is Dilbert levels of customer support.

    Nonsense.

    Those emails are important. Not when it actually was your device that was prevented from logging in, but when it wasn't. In that case, the email informs you that someone is trying to get into your account, and that they have your password. Which means you should change your password, right the hell now. Unless of course, you recognize the login attempt because you were the one that made it.

    If you want to stop getting those emails, turn on 2FA.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.