Your Android phone’s volume key can unlock your Google account

Google just made two-step verification a little easier for Android users. Android phones running 7.0+ Nougat or newer can be used as a physical security key to confirm a user's identity when logging into a Google account with the Chrome browser. When...

Google users can sign into Firefox and Edge with a security key

Until now, you've had to use Chrome to sign into your Google account with a security key. You won't have to be quite so choosy going forward, though. Google has transitioned to using the new Web Authentication standard for hardware-based sign-ins,...

Google streamlines two-step verification with security keys

Google just made it easier to lock down your account if you're a G Suite user. The internet giant is trotting out a series of updates for two-step verification, starting with the interface itself. You'll see new instructions text and images to walk...

Google’s updated security roadmap details increased friction, reliance on hardware

Google's updated security roadmap details increased friction, reliance on hardware

A lot has changed in the security realm since 2008 -- remember Alicia Keys' recent attempt to convince us her Twitter account was hacked, when we all know she still uses an iPhone even as BlackBerry's Creative Director? Pranks aside, the consumer world alone has been overrun with mass data hackings -- everyone from Evernote to Microsoft to Sony to RSA has felt the wrath. To combat all of this, Google is revamping its five-year security plan, which calls for a complex authentication code replacing the conventional password in due time; in other words, Google is going to make it harder to access your accounts when initially setting up a device, but hopes you'll deal. Eric Sachs, group product manager for identity at Google, put it as such: "We will change sign-in to a once-per-device action and make it higher friction, not lower friction, for all users. We don't mind making it painful for users to sign into their device if they only have to do it once."

The documents also suggest that two-step verification may soon become less of an option, and more of a mandate. Sachs straight-up confesses that Google didn't predict the current level of smartphone adoption back in 2008, but now realizes that utilizing mobile hardware and apps as friction points for logging in makes a lot more sense. A huge swath of Google users are already carrying around a product that could be used as a verification token, so the obvious solution is to make use of that. We're also told that learnings from Android will be carried over to Chrome, and further into the world of web apps. No specific ETAs are given, but trust us -- half a decade goes by quickly when you're having fun.

Filed under: ,

Comments

Via: ZDNet

Source: Google