Just as threat actors are finding new ways to steal your data, companies like Google are also coming up with ways to keep them out. While two-factor authentication has been around for a while, the new process means that you can keep your phone number private.
Google Skipping Phone Numbers for 2FA
Since two-factor authentication requires something that is uniquely yours to verify your identity, a phone number is one of the best options there is for doing that. However, that option is still flawed as threat actors have also found a way to get around SMS verification.
Fortunately, Google has implemented a new option for users. You can now opt for a "second step method" to your account, which instead uses an authenticator app or a hardware security key to create a secure set, as reported by The Verge.
Through Google Authenticator, you can enter a time-based one-time passcode, which is already a widely-used method for other login processes like streaming services. Still, the most secure choice out of all the options would be a hardware security key.
There are two ways you can register a security key. One is by doing it through a FIDO1 credential on the hardware key or by assigning a passkey to one. You may still need to enter your password on certain logins, depending on what certain systems require.
This can already be used by anyone who has a personal Google account along with all Workspace users. The company boasts that there are already over 400 million accounts using passkeys ever since Google allowed them last year.
It's a productive step for Google, especially since the company is expanding its passwordless login systems. It's a safer way to access your accounts and you won't have to remember several password entries for every account you have.
Why 2FA Adds an Extra Layer of Security
All major social media platforms now come with the option to enable two-factor authentication to avoid getting your account hacked, and the same goes for others like bank accounts and even streaming services since they hold financial and personal information.
2FA is a way for the company to verify that you're actually the one trying to log in. It can be an effective shield against threats like brute-force attacks, credential stuffing, credential exploitation, phishing attacks, and more.
While 2FA is a recommended security measure, it's still not foolproof. There are many options you can go for such as SMS verification, biometric scans, or hardware keys, and some are unfortunately more secure than others.
SMS verification, for instance, can still be intercepted by hackers if you're not careful. This can be done through SIM-swapping techniques or account takeovers. This means that they will also receive the one-time passcode sent to your phone number.
The most secure ways you can choose are hardware keys since they have strong encryption and are cut off from any cellular or internet connection, making it impossible to hack. Biometric scans are also secure enough since they use physical traits that are unique to you like fingerprints.