Google wants users to use a prompts-based 2-Step Verification sign-in instead of the SMS two-factor authentication. This is partly because the National Institute of Standards and Technology disqualified the latter from its list of preferred authentication methods. Curious why?
Security was the main concern. According to Google, "This is being done because SMS text-message verifications are one-time codes that are more susceptible to phishing attempts." Hackers can dupe network operators into redirecting the message to their phone. Even worse, there are numerous Android apps that can be used to capture SMS codes sent from banks to customers.
To defend against these threats, Google introduced 2-Step Verification in user accounts. If a user tries to log in to an account, Google will send a phone alert prompting that person to confirm his or her identity. Prompts-based 2-Step Verification (2-SV) sign-in is safer because the entire process occurs over an encrypted connection. In February 2017, Google improved the existing 2-SV prompts with additional information on the device, location and time of attempted sign-ins.
Google hasn’t confirmed ending support for SMS authentication but has already sent invitations urging 2-SV-SMS to switch to the prompts-based version. Users will be given the option of whether they want to retain the prompt-based sign-in. However, users who refuse to switch will receive follow-up notifications after six months.
Android users will enjoy a seamless transition because they will receive prompts without having to download an additional app. However, iOS users who rely on SMS for 2-Step Verification are required to install the Google Search app on their phone.
For any questions, get in touch with us. We’ll help you stay on top of the latest IT management and technology news.