Google revealed today that a recent initiative to require customers to enable 2-Step Verification (2SV) has been incredibly successful: among the over 150 million customers who were auto-enrolled into 2SV since last year, account compromises fell by 50 percent.
“By making all of our products secure by default, we keep more users safe than anyone else in the world, blocking malware, phishing attempts, spam messages, and cyber-attacks,” Google director Guemmy Kim explains. “Last year, we accelerated our journey to eliminating password threats by starting to auto-enroll users in 2-Step Verification (2SV), giving people an extra layer of protection when cybercriminals try to hack into their accounts, by requiring a second form of verification beyond the password.”
Google says that this decrease speaks volumes about the effectiveness of 2SV and similar multi-factor authentication schemes. (Microsoft calls its consumer effort “two-step authentication.”) But it wants to do more. It provides a Security Checkup for Google account holders to help make sure those accounts are as securely configured as possible. It will continue auto-enrolling users into 2SV. And it provides a Password Manager that’s built into Chrome, Android, and the Google App; this Password Manager helps create strong passwords for online accounts, checks if they’ve been involved in a breach, and verifies the authenticity of sign-in pages before logging you in.
dftf
I currently use SMS-based 2FA (yes, SIM-hijack attacks, spoofed-numbers… I’m aware of the risks!), as I’ve known friends who use the authenticator apps who’ve run into issues with them (e.g. needed to reinstall the app or reset their phone, or bought a new phone and lost access) and then found it a complete pain to re-gain access to their various accounts.

Can anyone recommend a good authenticator-app and perhaps explain to me what recovery safeguard it offers, briefly — one-time recovery codes, perhaps, or maybe a code sent to both an SMS number and e-mail address or something?

I know I should move to an app from SMS… but I don’t like the idea of something going wrong and then having a nightmare trying to regain access to online accounts.
dftf
Okay, two follow-up questions please:

(1) When you move onto a new phone, what do you have to do to make the app work again? Do you just sign into it with the e-mail address and password, or is anything-more involved?

(2) Do all sites you use with 2FA support the Microsoft Authenticator app, or do some not support it?
dftf
From review sites I’ve checked, Google Authenticator is one to avoid, as it doesn’t do any backups to your Google Account, only to an encrypted local-file (I think). And to transfer, you have to make a QR code appear on your old phone, then scan it on the new one. So no-good if you were to lose your current phone, or it was to ever stop powering-on.

(Pity, as otherwise it’s a tiny-sized app with a clean UI.)
dftf
If you get a new phone, then what do you do on the new one to make Authy work again? Just sign in with an e-mail address and password or anything more to it?

Also, does that app work with all app-authentication supported sites (as some examples: GMail, Office Online, Amazon, eBay, Uber, WhatsApp, GitHub), or do some sites only work with specific authenticator apps?