Google turns to codeless tap factor authenticaton
Possible bug in screen lock requirement
Google has set up an easier two factor authentication system to allow staff to login with a tap instead of codes.
The Prompt feature is available to Google users and will allow them to sign into Mountain View services more easily than copying codes from its time-based Authentication app.
Users will need to apply a screen lock before Google will allow the one-tap verification to be activated.
Initial tests indicate that Prompt may still work if screen lock is activated for setup and later deactivated.
Users will be able to use the Prompt feature when setting up new devices or flashing new ROMs avoiding the need to have codes sent by insecure SMS.
The latter method is vulnerable to social engineering phone porting in which attackers use a victim's personal information to request a mobile number be ported to one under their control.
This allows attackers to receive SMS two factor authentication codes.
The new sign-in screen
Google does not allow users to run Prompt alongside its Security Keys and requires devices be online.
Android users will need updated Google Play Services while iOS types will need to install Google Search app.
Yahoo was first with a similar service that sent prompts to user's phones asking to approve login attempts. ®
- App stores
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Google AI
- Google Cloud Platform
- Google Nest
- G Suite
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Privacy Sandbox
- Tavis Ormandy
- Trusted Platform Module
- Zero trust