This article is more than 1 year old

Google turns to codeless tap factor authenticaton

Possible bug in screen lock requirement

Google has set up an easier two factor authentication system to allow staff to login with a tap instead of codes.

The Prompt feature is available to Google users and will allow them to sign into Mountain View services more easily than copying codes from its time-based Authentication app.

Users will need to apply a screen lock before Google will allow the one-tap verification to be activated.

Initial tests indicate that Prompt may still work if screen lock is activated for setup and later deactivated.

Users will be able to use the Prompt feature when setting up new devices or flashing new ROMs avoiding the need to have codes sent by insecure SMS.

The latter method is vulnerable to social engineering phone porting in which attackers use a victim's personal information to request a mobile number be ported to one under their control.

This allows attackers to receive SMS two factor authentication codes.

Google 2FA sign-in screen-cap

The new sign-in screen

Google does not allow users to run Prompt alongside its Security Keys and requires devices be online.

Android users will need updated Google Play Services while iOS types will need to install Google Search app.

Yahoo was first with a similar service that sent prompts to user's phones asking to approve login attempts. ®

More about

TIP US OFF

Send us news


Other stories you might like