Google has announced an easier method to approve sign-in requests on both Android and iOS using two-step verification. The new Google Prompt requires just a simple yes/no to approve a log-in and is built right into Android and is available on iOS. Travis Smith, Senior Security Research Engineer at Tripwire commented below.
Travis Smith, Senior Security Research Engineer at Tripwire:
“When implemented correctly, 2FA is an improvement over traditional password based authentication. The key to 2FA success is keeping control of the two different factors of authentication. By requiring the attacker to acquire two pieces of information and/or hardware, it’s making their life more difficult. Moving to the Google Prompt mechanism is a step to make 2FA easier to implement for the end-users. Instead of having to copy a six digit code from one device or app to another, they can hit a single button when prompted.
For both consumers and corporate IT, it’s critical to enable a password on the lock screen of mobile devices. Not only will this reduce the chances of a nefarious actor accessing sensitive data, but it will also prevent the same actor from gaining access to the 2FA prompts to add rogue devices to your account. If a device is known to be missing, having the ability to remotely wipe the device is an increased protection mechanism to keep your account secure.”