Google has updated its two-factor verification process in a move to simplify the steps users need to take to log in to their Google accounts.
Google, which according to The Verge has supported two-factor authentication for more than five years, has added a feature that allows users to tap one of two prompts on their smartphones that say: "Yes, allow sign-in," or "No, deny sign-in" to approve or deny login requests.
The feature is a simpler option than existing methods of (1) having Google text a code, or (2) requiring users to go to a Google random code generator app and enter its characters into an account site. Google will continue to offer those two-step authentication methods alongside its latest security feature update.
Users with an Android phone will need to have the latest version of Google Play Services loaded on their device to use the Google two-factor authentication prompt. Apple iOS users will need to install the Google search app on their iPhones to use the new security feature.
Whether this simplification will succeed in enticing more users to beef up security by using two-factor authentication remains to be seen, but it may be a good start.
"In my view, this change will allow more users to enroll and take advantage of the two-factor authentication. Many users will refuse to open an app and enter a code [because of] too much friction, but hitting a key similar to a phone notification that everyone is used to might just remove enough friction to start a mass enrollment for many folks with smart phones.
"If Google ever moves toward making this the default behavior once they detect [...] the type of phone, [...] I believe it could drastically reduce account takeover and increase [the] security of Google offerings," Scott Carlson, technical fellow at security firm BeyondTrust, told InformationWeek.
He noted that this form of two-factor authentication is technically similar to the push notifications and texts that banks have successfully used for years, and that a few single-sign-on providers are starting to allow their customers to use it.
"It appears that most consumers and employees trust their smart device now, and if Google starts to see, and publishes, positive adoption numbers, I believe we will see many internet-based service companies moving toward this model where they prompt a user before logging in," said Carlson.
Still, some may note that enterprises should not necessarily view two-factor authentication as a security silver bullet, and point to the need for companies to consider how their systems are designed and built.