Stolen or easily-guessed passwords have long been the weakest link in security, leaving many Webmail accounts subject to hijacking by identity thieves, spammers and extortionists. To combat this threat on its platform, Google is announcing that starting today, users of Google’s Gmail service and other applications will have the option to beef up the security around these accounts by adding one-time pass codes sent to their mobile or land line phones.

For several months, Google has been offering this option to business customers and to “hundreds of thousands” of regular users who lost control over their accounts due to password theft, said Nishit Shah, product manager for Google Security. Today, Google will begin rolling this feature out to all users, although it may be available to all users immediately, Shah said.

“It’s an extra step, but it’s one that significantly improves the security of your Google Account because it requires the powerful combination of both something you know - your username and password - and something that only you should have - your phone,” Shah wrote in a blog post published today. “A hacker would need access to both of these factors to gain access to your account. If you like, you can always choose a ‘Remember verification for this computer for 30 days’ option, and you won’t need to re-enter a code for another 30 days. You can also set up one-time application-specific passwords to sign in to your account from non-browser based applications that are designed to only ask for a password, and cannot prompt for the code.”

I set up the 2-step verification process for my Gmail account, and found the process to be quick and painless, if a little involved. I chose to set it up to call my Skype line and read the code aloud, and the call came in three seconds after I hit the submit button. The setup wizard then gave me 10 backup codes to use in cases when for whatever reason I don’t have access to my Skype account. Another setup page offered the ability to add a secondary backup phone to send the code via SMS/text message, or automated voice message.

A final page warned that “Google has detected that you need to create application-specific passwords” to use applications like mobile Gmail, desktop Picasa or AdWords editor. I skipped this step because I don’t use those services, but was confused by the prompt that said “Your two-step verification settings have not changed.” When I went back again and ran through all the setup options, Google’s system did not prompt me to add the application specific codes, but instead gave a page with a button to “turn on 2-step verification”, which signed me out of my Gmail and then called me with the one-time code.

At the corresponding login page, the option to “Remember this computer for 30 days,” was pre-checked.

This feature is undoubtedly a useful tool for securing accounts; the challenge will be making users aware of the option. For now, the option to enable it is tucked inside of the “user settings” panel in Gmail, an area into which many users probably never venture.

And to be sure, many users probably will end up locking themselves out of their accounts, despite the availability of multiple means of obtaining a secondary code that Google has offered. On top of that, threats to mobile devices or cleverly-designed social engineering attacks could still trick users into giving away the codes.

Still, the 2-step verification process is more robust than many banks are offering their customers for online authentication these days. Given the epidemic of commercial and consumer e-banking account takeovers aided by password theft, it would be nice to see financial institutions taking a cue from Google’s offering.

This entry was posted on Thursday 10th of February 2011 02:30 PM

As with any authentication solution, they can be bypassed. I’ve worked with a few European banks that have been using OTP for years, and while it does cut down on losses, the bad guys have been getting around them for years.