Security experts regularly urge people to make their online accounts safer with two-factor authentication. Now Google has introduced new settings designed to make that easier for Google Apps administrators and users.
By changing their Google sign-in and security settings, users can now opt for an alternative to the six-digit codes Google usually sends out to enable identity verification via mobile devices. Instead, Google Apps users can choose to receive automated prompts on their smartphones that lets them verify sign-in requests with a single tap.
Announced yesterday on the Google Apps Updates blog, the alternative verification method is rolling out this week to Android users who have the latest version of Google Play Services on their devices. People with iOS devices will have to install the Google Search app first to use the new verification prompt.
Looking Beyond Passwords
Like many other tech companies, Google has been exploring ways to help users keep their accounts secure beyond the use of simple passwords, which can be easily forgotten, stolen or guessed.
For example, Google this month expects to begin real-world tests of its Project Abacus, a program aimed at helping to “get rid of passwords.” Built using machine intelligence for user verification, the project’s Trust API — thought to employ facial recognition technology — is being tried out by several large financial institutions, according to Google.
Passwords, sometimes described as one-factor authentication, do not always guarantee security, especially not when users choose easy-to-remember phrases or strings that also tend to be easy for hackers to guess. Just last month, data from millions of LinkedIn accounts hacked four years earlier appeared for sale on the dark Web. Analysis of those records showed that hundreds of thousands of those accounts used passwords such as “123456,” “linkedin” and “password.”
Security a Constantly Moving Target
In another security update announced today, Google said it is also adding new security notifications for Webmasters who use Google Analytics. The new alerts indicate when a site shows signs of being hacked for spam.
“Our research has shown that direct contact with Web site owners increases the likelihood of remediation to over 75%,” Google’s Giacomo Gnecchi Ruscone and Anthony Medeiros wrote in a blog post today. “This new alert gives us an additional method for letting Web site owners know that their site may be compromised.”
Ensuring security of online services continues to be challenging as hackers find new and creative ways to break into people’s accounts for various reasons. Earlier this month, for example, social justice advocate DeRay Mckesson discovered that his Twitter account had been accessed by someone who tweeted endorsements for Donald Trump under his name, as well as a message stating, “I’m not actually black.”
In that case, the hacker apparently got around Mckesson’s two-factor security precautions by calling Verizon pretending to be him and convincing a rep to change his SIM, which then enabled the hacker to receive Mckesson’s text messages.