Is Your 2-Factor Authentication Email Going to be Hacked?

Google Prompt is a new way to implement 2FA (two-factor authentication). It connects your phone directly to login attempts, allowing you to verify without having to wait for an email, SMS message, or an app to open.


If you’ve been keeping up with this cyber security blog, you know that I’m an advocate of strong passwords and keeping your personal data safe. two-factor authentication is a must, and I would advise everyone to use it anywhere they can. Except now Google doesn’t.

Google actually does still like two-factor authentication (2FA), they just have released a new way to do it, which is supposedly more secure, and less hackable. It’s called Google Prompt, and instead of using a standard SMS notification to provide users with a code, they instead use the phone or an app.

For Android users, Google uses more encrypted channels of communication to alert users directly on their phone, instead of through an app or with a text or email. Since Android phones require a Google account, the communication with the phone is made securely through that account. For iPhone users, they can use the same Prompt technology using the Google app. A Google account is still required, as is the app, but you can use the same features as Android users can.

You may recall that recently Google released an app, called Google Authenticator, which acts in the same way. Third-party authentication is a smart way to go since you aren’t relying on a text or an email sent from your account. Though probably not a faster method than other 2FA apps for iPhones, Prompt is reportedly much faster than using an app, since you don’t need to open a separate app, or use a separate login screen and then allow access.

Google has introduced this as a quick and easy way to make things more secure for its users. A simple fingerprint or PIN is the current “fast” method, but in the case of Prompt, it simply pulls up an “Allow/Deny” notification, verifying your login attempt on a computer. It doesn’t require a password or fingerprint scan before you can verify the attempt.

That doesn’t mean it’s not secure. Google will not allow prompts unless a screen lock is in place, whether by password, PIN, or fingerprint scan. The new Samsung Galaxy S8 has Facial Recognition and an Iris Scanner. All you need to do is pick one (okay, probably two) and then you are all set to verify to your heart’s delight. Just make sure you pick a safe password.

Why is 2FA so important? And why aren’t the SMS messages good enough? Passwords are often easy to hack. Not by guessing their child’s birth date, or a movie-esque algorithm that can crack open the Pentagon, but by copy/paste, or through user error. If you leave your password saved on a public computer, chances are someone is going to login to your account. Hopefully not with malicious intent, but you cannot allow your personal information to fall into anyone else’s hands but your own. Emails and text messages can be intercepted, and now more than ever. 2FA is great, but you need to protect your email account and your phone, and not just call it good since your Google account is protected.

If you have an Android phone, you should seriously consider implementing Google Prompt. If you don’t, 2FA is still one of the best things you can do now for your personal cyber security.