With a brilliant cybersecurity leap that must eventually be emulated by everyone, Google is gradually making multi-factor authentication (MFA) the norm, but with a slight twist on the name, choosing to call it 2SV, or 2-step verification.
How It Works
The way it works is that the user is authenticated through biometrics on the phone, and then the phone is authenticated through an internal key. Being transparent, the internal key also isn’t intended to authenticate a user, as biometrics are used in iOS and Android phones for such a purpose. The software, being FIDO-compliant, authenticates your device for entries that are not part of the phone, like Google Drive or Gmail. It brings a level of simplicity to a method that consumers can enjoy. Having it as the default option is indeed smart since user complacency has been well-recognized, and rather than forcing people to search through options to enable Google’s 2SV, it is enabled automatically.
How It Affects You
The question now is whether any businesses other than Google would be eager to use such a tool. Considering that Google did something very uncommon and included their rival Apple, we’re assuming we may see many who will be keen to jump on board here. Knowing how important security is and how much of a convenient game-changer Google’s 2SV will be, you might want to consult with expert teams like Intouch IT who specialize in network security services to adopt the latest digital security in your home and office. Imagine a world where you have peace of mind about your digital security. Would anybody mind if banks and financial enterprises increased their security and employed multiple factor authentications? Knowing no one could get into your home, network, or car without multiple checks in place would certainly let most rest easier at night.
It May Not Be for Everyone
In a business world, there’s still a compelling argument to use external encryption keys, and that is continuity. First and foremost, those keys have been bought in bulk already, so why not keep them and continue? Furthermore, consumers have such a wide range of devices, and standardization for staff and suppliers merely simplifies using external keys. A Google employee has also said that when comparing external keys with Google’s internal keys, there was no advantage because they both use FIDO. This could all change in a few years after Google inevitably increases the security of its internal software keys. Another foreseeable issue in Google’s attempts to eradicate passwords is that it won’t make a difference if most vendors still use the old method of passwords. Users can vote with their wallets here and boycott sites that don’t deploy this new convenient security, but many won’t understand the vulnerabilities that pins and passwords leave users open to.
Ultimately, security ends with the user. No matter how many steps developers put in place to mitigate the risks of accounts being compromised, it can all be nullified by the end-user. A careless user who may leave any of their security information or authentication devices out in the open, where dishonest people can take advantage of that information, will have their systems hacked. Be aware of the latest security risks and how to mitigate them, and you can be safer online and out in this increasingly digital world.