How Does Google Leverage 2FA?
Google, one of the five tech giants in the world, recently enrolled 150 million users in their two-factor authentication system. Over 4 billion people rely on Google to conduct research, and important communications, share and collaborate on business documents, store important records, leverage the extensive space in Google Drive, and the list goes on. Yet while many users have adopted 2FA there are still millions of users whose data has been breached over the last several years; clearly, not everyone utilizes secure authentication.
Google’s 2FA process requires you to enter your username and password, and then you’ll be prompted to enter a one-time password (OTP). That one-time code is given to you but it changes every 30-60 seconds via an app or in an SMS, so if you’re timely with the input, you’re granted access. Their idea is, that if someone attempts to hack into your accounts, they would need to know your username and password and would need to have your phone with the ability to access the Google Authenticator app, to then be able to sign into the account they’re trying to hack.
However, in light of the T-Mobile SIM-Swap scam, Google recommends not using a text message for the OTP, because that has proven to be more insecure compared to safely accessing codes within the Google Authenticator app.
The Google Authenticator app is more secure because it doesn’t require an internet connection to receive the code assigned to your account, something you can’t do if you have to receive it via SMS. However, while this application is more secure than using nothing at all for logical access control, Google 2FA does come with a few drawbacks.
Limitations of Google 2FA:
Vulnerable Back-Up
If you’re an IT or security professional using Google to conduct various business operations, registration processes and vital storage locations can be dicey. The Google 2FA server will generate the same code you have and cross-check your input for authenticated access. Each member of your team will have to manually input the code for secure login, which adds another step to the log-in process. They have to set up another pathway to receive backup codes in case they aren’t able to access their account with existing credentials. If they log in with a backup or “reserve” code they have to go through the registration process all over again. While that part may seem inconvenient, what’s riskier is to receive those backup codes, they are sent online, which poses a cybersecurity weakness. If cybercriminals gain access to your company’s passwords and then access where you keep backup passwords, they can then access every account.
While the piling requests from your coworkers for password resets is time-consuming, it’s nothing compared to the risk of exposing important company data when your backups are stored in cyberspace. Luckily, with ADVANTIDGE multi-factor authentication solutions, you have complete control over company data/resources and the rollout of the application. You can set requirements based on the user level, and customize your dashboard for each department. Users can safely store and log on to network resources with secure credentials that are most convenient to them, all under your control.
Minimal Authentication Methods
Getting complaints from your team about the limited choices for credential input when using a 2FA solution like Google’s? With ADVANTIDGE multi-factor authentication we offer a variety of credentials for several types of devices; such as multi-factor authentication with email, mobile, browser push notifications, device-based authentication, biometrics, such as facial recognition or fingerprints, and challenge questions. MFA options like HID Digital Persona and ActivID, give your team the flexibility for secure logon via the contexts that work best for them.
Looking to explore more sufficient options outside of Google 2FA?
Common Features of ADVANTIDGE MFA Solutions
- Deploys on Windows Active Directory or LDS server
- User-friendly interface for easy self-enrollment of credentials and authentication policy enforcement
- Provides a browser-based SSO Portal for accessing SAML-enabled apps
- Offers an optional Password Manager feature to securely store, update, and auto-fill passwords
- Available in a variety of Configurations including SSO and Windows Logon
Check out this video on Adaptable Authentication Methods:
______
