Technology News latest news,cricket news,indian news,daily news,live news,business news,bollywood news,news website

Google Makes It Now Easier to Do the 2-Step

Google Makes It Now Easier to Do the 2-Step

Google Makes It Now Easier to Do the 2-Step

Google on Monday began rolling out a new two-step authentication feature, Google Prompt, targeting enterprise employees.This new option consists of a pop-up that displays a mobile user’s name and profile image, and This is specifies the location and device involved in the attempted sign-in. The device owner is asked whether you to allow or deny the sign-in.Enterprise end users still have other choices for two-step authentication. It can also use a Google Security Key or enter a verification code sent to their phone.

Google Makes It Now Easier to Do the 2-Step

Implementing Google Prompt

It “Implemented correctly, two-step authentication is an improvement over traditional password-based authentication,” said Travis Smith, senior security research engineer at Tripwire.

“Moving to the Google Prompt mechanism is a step to make two-step authentication easier to implement for end users,” he told TechNewsWorld. “Instead of having to copy a six-digit code from one device or app to another, they can hit a single button when prompted.”

It will be update its Help Center with detailed instructions on how to implement its latest two-step authentication feature.

Now Google Prompt is available for both Android and iOS. Android all users have to update Google Play Services to use Google Prompt, while iOS users have to install Google Search on their devices first.

“Typically with features like this, IT gets lots of notice that it’s coming,” observed Rob Enderle, principal analyst at the Enderle Group. Google appears to have done this with little or no notification,” he told TechNewsWorld.It also Springing new features can be annoying forthe  IT departments, because in this results in “a bit of an unplanned fire drill,” Enderle said.However, Google Prompt does give users a choice and should be easier to use, which could result in fewer complaints.This is  not without risk, though. A hacker could get the notice and push it to something that already has been compromised, Enderle suggested.

 

2-Step Weaknesses

This example of a phishing attack against a two-step verification system, an attacker could trigger the delivery of a code from a service provider to a user, and lure the user into forwarding the code to the attacker, researchers at the New York University Polytechnic School of Engineering have demonstrated.

This  attacker would attempt to log into the victim’s account and then claim to have forgotten the password. It should be trigger a verification code text. The hacker then would send the victim a second SMS, asking the user to forward the verification code to confirm the phone was linked to the online account under attack.In this demonstration, most targets weren’t aware that the two SMS messages came from different sources.”We attribute the success of the attack to the lack of an effective and usable means for the user to verify the service provider, the lack of context for the message sent, and an assumption about users’ understanding of the authenticating process,” the NYU researchers wrote.It’s also  critical to enable a password on the lockscreen of mobile devices,”Not only will this reduce the chances of a nefarious actor accessing sensitive data, but it will also prevent the actor from gaining access to the two-step authentication prompts to add rogue devices to your account,” he explained.

The Big Picture

“This  issue for Google is that Android has been historically insecure,” Enderle pointed out.”For any security solution to work, you have to believe the platform can be made secure,” Enderle continued. “Because Android still has a lot of side loading, any security solution on that platform can be compromised by malware more easily than most other platforms.”
 


Menu Title
web counter
web counter