Sunday, December 22, 2024

Tech News, analysis, updates, comments, reviews

Google account hacks drop 50% for 150 million who got 2-factor login

With two-factor authentication, hackers can't get far even if they've stolen your password. Ultimately, Google wants to move entirely beyond passwords.

If you were among the 150 million people that Google required to use two-factor authentication last year, consider yourself lucky: The chance your account was hacked dropped by half.

In the last three months of 2021, Google automatically enrolled 150 million account holders, along with 2 million YouTube users, in what it calls two-step verification, or 2SV. The security process usually combines a password with a second login challenge, such as a confirmation message in a Google app or a hardware security key.

The requirement proved worthwhile. Account compromises were half as likely on 2SV accounts than they were for password-only accounts, Google said in a blog post Tuesday.

“This decrease speaks volumes to how effective having a second form of verification can be in protecting your data and personal information,” Google said. “Turn on 2SV (or we will!), as it makes all the difference in the event your password is compromised.”

Google has an incentive to nudge its users toward a stronger login system. It has billions of Gmail, Google Workspace and YouTube account holders. That makes it a tempting target for hackers, who often employ social engineering tricks to wheedle information out of people. And email accounts like Gmail are particularly important to protect: Resetting other passwords often goes through email, so a compromised email account can lead to other hacks. 

Moving to two-factor authentication is a big step for a lot of people, but likely not the last one as companies try to address the ever more apparent shortcomings of password-only login. We forget passwords, pick weak ones and reuse passwords on multiple sites. The Have I Been Pwned service, which alerts you to sensitive information leaks, has amassed a list of more than 613 million passwords found in data breaches.

Multifactor authentication means hackers aren’t as likely to profit from having your stolen password. It also helps enable a future where we dump passwords altogether.

Microsoft is promoting no-password authentication that uses biometric technology like Windows Hello face identification, phone-based authentication apps and security keys. Google also hopes to phase out passwords eventually.

Apple, which requires two-factor authentication when you’re setting up a new device or logging onto your Apple account on the web, also is pushing the same direction. It’s working on a technology called passkeys for iCloud that will enable passwordless logon that’s available now for developers to test.

All the foundational work by the world’s biggest tech companies is a good indication that if you’re using passwords alone for logon, you should brace yourself for some changes. It also indicates that we’ll see more secure alternatives to a common but imperfect form of two-factor authentication, text messages sent to your phone.

Google has been a big proponent of hardware security keys, small devices that connect wirelessly or through USB ports. Their use wiped out successful phishing attacks on Google employees. Such keys, however, introduce new challenges because they can be complex. Price is also a factor. Even cheap security keys cost at least $29.

Another major change in security is the adoption of password managers like LastPass, 1Password, Bitwarden and KeePass. Google steers people toward its own password manager, which is built into Chrome and Android and can be used on iOS, too. Apple built a password manager into its iPhone, iPad, and Mac software, too, and with a utility to use it on Windows.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Get notified whenever we post something new!

spot_img

Migrate to the cloud

Make yourself future-proof by migrating your infrastructure and services to the cloud. Become resilient, efficient and distributed.

Continue reading

Salesforce Flaw Allows Full Account Takeover

A critical vulnerability has been discovered in Salesforce applications, which could potentially lead to a full account takeover. The flaw was identified during a penetration test and is tied to misconfigurations within Salesforce Communities, specifically within the Salesforce Lightning...

Concerns about the ICT Bill 2024 in Kenya

THis post has been updated after the attention it is gannering. The original post can be found here: https://web.archive.org/web/20240813033032/https://blog.blancorpsolutions.com/kenya/concerns-about-the-ict-bill-2024-in-kenya/ Kenya's tech industry has been a beacon of innovation and growth, thanks in part to a regulatory environment that has allowed...

What are the real intentions of tracking IMEI numbers?

Imagine if you had a magic map that could show you where all your favorite toys were at any time. Sounds pretty? Well, in Kenya, the government wants to do something similar, but with people’s phones. They plan to...

Enjoy exclusive discounts

Use the promo code SDBR002 to get amazing discounts to our software development services.