Google Simplifies Two-Step Verification

Google has simplified its 2-step verification feature with a basic prompt users can take advantage of as a second form of authentication.

Most major technology companies offer some take on two-factor authentication as an option for users to secure access to accounts and web-based services.

Making users drink from that pond, however, has been a different story.

Simplifying the process of using the second form of authentication, most often a verification code sent to a mobile device, has been an ongoing exercise for a lot of companies.

google 2svGoogle is the latest to chop away at the complexity of sign-ins. On Monday, it announced that it had made available a feature by which users could approve the prompt, at left, on their phones as a second form of authentication. Users can simply tap yes if they want to allow the authentication request, rather than search through SMS messages and remember a sometimes-complex verification code.

“We know that security is one of your top concerns as a Google Apps admin and that many of you require your employees to turn on 2-Step Verification (2SV) to keep their accounts safe,” Google said in making its announcement on the Google Apps Updates blog.

Google said that users can select this option in My Account under Sign-in & Security > Signing in to Google > 2-Step Verification.

Google added that this will be a gradual rollout and could take longer than three days. Also, mobile users can also take advantage of the feature; Android users must update Google Play Services to use this prompt, while iOS users will need to install the Google Search app.

Two-factor authentication is just one measure that’s gained urgency in recent weeks as massive password dumps find their way online forcing services such as GoToMyPC, Twitter and others to force password resets. Hackers are cross-referencing large collections of users names and passwords from recent breaches and trying to access accounts. GitHub, for example, last week said hackers were caught brute-forcing a substantial number of accounts using credentials stolen elsewhere.

Two-factor authentication, or two-step verification, protects accounts from unauthorized access even if credentials are breached. The requirement for a second factor of authentication puts up a hurdle to attackers and is crucial for privileged account holders.

The recent password dumps also illustrate the risks of re-using passwords on more than one online service.

“Honestly, as an industry we are in some pretty serious denial about passwords and password reuse,” said Jessy Irwin, security empress at AgileBits, the makers of the 1Password password manager, in an interview with Threatpost earlier this month. “It’s low hanging fruit for hackers. The security industry focuses on the latest zero days and malware. Meanwhile, passwords are the same as they were 30 years ago – the weakest link in even the most secure system,” she said.

Suggested articles


  • brian on

    The real problem is that the risk to benefit is way to low for the criminals. The solution lies in the hands of government, they need to spend considerable larger sums on tracking down hackers, increase minimum penalties to 10-20 years in jail for anyone involved, from handling stolen cards to hacking etc. Zero tolerance if there is financial motive, if the criminal are in a jurisdiction that won't take action, then that jurisdiction is removed from the world wide internet. Make cyber crime the 'stealing a horse' crime of the 21st century (just jail time and no rope!).
    • Alex on

      If you remove China from world wide internet, where will everyone order cheap stuff from?
  • Tom Watson on

    We need a new kind of authentication process that doesn't rely on passwords (or on things (eg. biometrics) that effectively reduce to being passwords).
  • Kyaw Lay on

    i want to get back my account but i am trouble with 2-step verification code. If there is some one can help me please help me..........

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.