Google is moving to automatic two-step verification (2SV) – don’t panic

Last year Google announced it would move user log-ins to Google Account, Gmail, YouTube and Google Home to automatic two-step verification (2SV). This is to protect you – it is not as onerous as some claim.

All major apps/companies like Google, Microsoft, Apple, Facebook, Amazon etc., are moving to mandatory two-step verification (2SV) – password-less log-ins.

The Google announcement recognises that passwords are highly insecure. A brute force attack can solve any dictionary-based password in a fraction of a second.

Email is one of the most frequently phished/hacked apps – any email client. Older email clients are a prime target. Cybercriminals are now using AI and Facebook profiles to identify potential words you may be using – dog’s name, date of birth etc., to make that even faster. Passwords must go, but what replaces them must be easy to use yet more secure.

What is two-step verification (2SV)?

Two-step verification (2SV) solves that – no one can access your critical accounts without your permission.

You will continue to sign in with a Gmail address and password for nominated Google services and apps. Google will immediately send a ‘Google Prompt’ notification to your mobile number to confirm it was them (Just press ‘Yes, it was me’). If you don’t have a mobile, you can send the notice to another email address nominated as the Gmail backup.

I understand that even after you move to 2SV, you can turn it off in your Google Account settings. But that then is your choice, and you face the consequences.

Older apps and outdated operating systems on your PC/smartphone are less secure

If you use older or less mainstream apps installed on your PC/Mac, these need to be updated. Newer cloud-based apps update every time you use them. Hopefully, one step ahead of cybercriminals.

For example, Outlook 2013 is insecure. Microsoft has made a new free Outlook cloud-based client for Windows, macOS, iOS and Android. It includes email, calendar, people, tasks – it works just the same but has an unpickable lock. Gmail is a cloud-based app as well.

CyberShack’s view – two-step verification (2SV) is a smart move

Two-step verification (2SV) is just the start. Its one weakness is that it is smartphone oriented, and there is a very small digital divide that doesn’t have one. Google also uses biometrics (fingerprint) and works with hardware makers to have digital chip signing.

The Cybercriminals – bad guys – are well-financed, well-equipped, and, in some cases, ahead of the good guys. If the web is not secure, we risk losing all if we use it.

Other CyberShack consumer advice posts.