Monday, May 27, 2024


Google account hacks drop 50% for 150 million who got 2-factor login

With two-factor authentication, hackers can't get far even if they've stolen your password. Ultimately, Google wants to move entirely beyond passwords.

If you were among the 150 million people that Google required to use two-factor authentication last year, consider yourself lucky: The chance your account was hacked dropped by half.

In the last three months of 2021, Google automatically enrolled 150 million account holders, along with 2 million YouTube users, in what it calls two-step verification, or 2SV. The security process usually combines a password with a second login challenge, such as a confirmation message in a Google app or a hardware security key.

The requirement proved worthwhile. Account compromises were half as likely on 2SV accounts as they were on password-only accounts, Google said in a blog post Tuesday.

“This decrease speaks volumes to how effective having a second form of verification can be in protecting your data and personal information,” Google said. “Turn on 2SV (or we will!), as it makes all the difference in the event your password is compromised.”

Google has an incentive to nudge its users toward a stronger login system. It has billions of Gmail, Google Workspace and YouTube account holders. That makes it a tempting target for hackers, who often employ social engineering tricks to wheedle information out of people. And email accounts like Gmail are particularly important to protect: Resetting other passwords often goes through email, so a compromised email account can lead to other hacks. 

Moving to two-factor authentication is a big step for a lot of people, but likely not the last one as companies try to address the ever more apparent shortcomings of password-only login. We forget passwords, pick weak ones and reuse passwords on multiple sites. The Have I Been Pwned service, which alerts you to sensitive information leaks, has amassed a list of more than 613 million passwords found in data breaches.

Multifactor authentication means hackers aren’t as likely to profit from having your stolen password. It also helps enable a future where we dump passwords altogether.

Microsoft is promoting no-password authentication that uses biometric technology like Windows Hello face identification, phone-based authentication apps and security keys. Google also hopes to phase out passwords eventually.

Apple, which requires two-factor authentication when you’re setting up a new device or logging onto your Apple account on the web, is also pushing in the same direction. It’s working on a technology called passkeys for iCloud, available now for developers to test, that will enable passwordless logon.

All the foundational work by the world’s biggest tech companies is a good indication that if you’re using passwords alone for logon, you should brace yourself for some changes. It also indicates that we’ll see more secure alternatives to a common but imperfect form of two-factor authentication, text messages sent to your phone.

Google has been a big proponent of hardware security keys, small devices that connect wirelessly or through USB ports. Their use wiped out successful phishing attacks on Google employees. Such keys, however, introduce new challenges because they can be complex. Price is also a factor. Even cheap security keys cost at least $29.

Another major change in security is the adoption of password managers like LastPass, 1Password, Bitwarden and KeePass. Google steers people toward its own password manager, which is built into Chrome and Android and can be used on iOS, too. Apple also built a password manager into its iPhone, iPad and Mac software, along with a utility to use it on Windows.

