Most major technology companies offer some take on two-factor authentication as an option for users to secure access to accounts and web-based services.
Making users drink from that pond, however, has been a different story.
Simplifying the process of using the second form of authentication, most often a verification code sent to a mobile device, has been an ongoing exercise for a lot of companies.
Google is the latest to chop away at the complexity of sign-ins. On Monday, it announced a feature that lets users approve a prompt on their phones as a second form of authentication. Users can simply tap yes if they want to allow the authentication request, rather than search through SMS messages and remember a sometimes-complex verification code.
“We know that security is one of your top concerns as a Google Apps admin and that many of you require your employees to turn on 2-Step Verification (2SV) to keep their accounts safe,” Google said in making its announcement on the Google Apps Updates blog.
Google said that users can select this option in My Account under Sign-in & Security > Signing in to Google > 2-Step Verification.
Google added that this will be a gradual rollout and could take longer than three days. Mobile users can also take advantage of the feature; Android users must update Google Play Services to use this prompt, while iOS users will need to install the Google Search app.
Two-factor authentication is just one measure that’s gained urgency in recent weeks as massive password dumps find their way online, leading services such as GoToMyPC, Twitter and others to force password resets. Hackers are cross-referencing large collections of usernames and passwords from recent breaches and trying to access accounts. GitHub, for example, last week said hackers were caught brute-forcing a substantial number of accounts using credentials stolen elsewhere.
Two-factor authentication, or two-step verification, protects accounts from unauthorized access even if credentials are breached. The requirement for a second factor of authentication puts up a hurdle to attackers and is crucial for privileged account holders.
The recent password dumps also illustrate the risks of re-using passwords on more than one online service.
“Honestly, as an industry we are in some pretty serious denial about passwords and password reuse,” said Jessy Irwin, security empress at AgileBits, the makers of the 1Password password manager, in an interview with Threatpost earlier this month. “It’s low hanging fruit for hackers. The security industry focuses on the latest zero days and malware. Meanwhile, passwords are the same as they were 30 years ago – the weakest link in even the most secure system,” she said.