Google releases significantly update to its two-factor authentication (2FA) system, offering users a more streamlined and secure login experience. This update, now rolling out to Workspace users and personal accounts, aims to simplify the setup process while strengthening overall security.
Google is strengthening account security with improved two-factor authentication
Previously, users could enable 2FA, but lacked the option to define the secondary verification method in advance. This update fixes this by allowing users to select a second-factor method – such as the Google Authenticator app (or a similar OTP generating app) – before enabling 2FA. This eliminates the less secure SMS verification option that used to be the default secondary method for many users.
Google highlights the benefits of this approach. SMS verification, while convenient, is susceptible to vulnerabilities such as SIM swapping attacks. By prioritizing stronger authentication methods such as authenticator apps and hardware security keys, Google significantly improves account security.
Gizchina News of the week
Enhanced security options with passwords and security keys:
The update introduces two options for linking hardware security keys in the Passwords and Security Keys tab:
- Use a security key: This option uses the FIDO1 (Fast Identity Online) protocol to register security key credentials.
- Create a password: This uses the FIDO2 protocol, offering a more robust approach. Users who choose this method must use the Security Key PIN for verification, adding an extra layer of security.
Improved user control:
Another important improvement lies in the revised behavior when disabling 2FA. Previously, disabling 2FA automatically removed all secondary factors associated with the account. The updated system offers more control to the user. Now turning off 2FA will not automatically remove predefined secondary factors. This ensures permanent protection even if users temporarily disable 2FA.
Overall, Google’s improved 2FA system means a commitment to robust account security. By prioritizing stronger authentication methods and offering granular user control, Google enables users to protect their accounts more effectively.