Changes to two-factor authentication

By Euan Henderson

Cyber Security Apprentice

Google has recently changed its default two-factor settings from SMS to device-based prompts.

This change was implemented in July in the hope of preventing the exploits currently available, such as SIM cloning and social engineering, to gain access to the code.

The change could minimise these attacks as it means attackers need to gain access to one of the authenticated devices. The change will make it easier to use two-factor authentication and protect against some of the threats that are presented by SMS.

This change removes the slow and cumbersome process of entering codes for access.

Users are still able to set the two-factor authentication settings to SMS if they wish but this is not advised. The user can also review which devices have been authorized and have access to these settings.

Authentication messages are sent to all authenticated devices and not just a single device, meaning any attempt made to gain access to the account will be easily identifiable.

This new update to two-factor authentication has helped secure accounts further.