Think 2FA is a joke? This post is for you. The new research done by Google is something you should know.
Google earlier this year advised its users to add their phone numbers as secondary security to their accounts. The information was then meaningless since there wasn’t any statistical data to point out the impact of 2FA by then. The tech giant was yet to investigate the real effectiveness of 2FA in daily life.
Two-factor authentication commonly abbreviated as 2FA refers to an extra layer of security in addition to a password. In other words, 2FA can be termed as a method of securing online accounts through multiple authentication rounds. 2FA is highly recommended since it provides extra security for online accounts, apart from the regular password.
Here’s how two-factor authentication works in few words;- after you’ve keyed your credentials (username and password), still there’s an extra challenge that a user has to complete to prove their identity before they can be given access to the account. The additional challenge may require one to enter a code sent via SMS, or put a physical security key or even validate the sign in using a link sent to a recovery email address.
2FA can be implemented using apps like Google Authenticator or Authy, among other apps or hardware security devices via USB drives. If you ever had questions on the effectiveness of 2FA, then probably Google has your answer now. The company has reported results of a year-long research on the efficacy of 2FA.
You can have a look at the results here. But still, here’s a summary of the same.
The research was done in partnership with New York University and the University of California, San Diego. Google reported that automated bot attacks were the most common type of attacks currently. Automated bot attacks are common because it’s the technique used by hackers when trying to utilize breached data from hacked websites.
From the research, it was found that requesting a device prompt alone blocked 100% of automated bot attacks, 99% of bulk phishing attacks, and 90% of directly targeted attacks. Using security key based type of 2FA was the most effective method among the three investigated techniques.
Using physical Security key for 2FA blocked 100% of the automated bot, bulk phishing, and directly targeted attacks. On the other hand, the traditional SMS authentification was the least secure method with a 100%, 96% and 76% resistance to automated bot attacks, bulk phishing, and directly targeted attacks, respectively.
With the released data, its high time that you should consider implementing two-factor authentication for all your online accounts.