Google pitches “Tap Factor Authentication”
Yes. You got that right. Google does not seem to trust to use it’s own Screen Lock feature for internal use and instead has now asked its staff to use what it says is “Tap Factor Authentication” which is inherently nothing more than “Out of band Authentication.”
Now they are allowing Google users also to use this feature across its online services. And you would need to have a Smartphone with the Android or IOS connected to the Internet to be able to make use of “Tap Authentication”
How this works is quite simple. Once you have entered the username and password to access a Google service, if you are signing in from a device that you normally do not use, you will get a prompt on your authorized smartphone, prompting you to remotely authorize the access with a Yes or No. Clicking on Yes will allow access to the Google service.
Now, how far this will be adopted we have to see as also how much more secure this feature can only be understood once the technical details are available and hackers have their hand on testing it.
Considering that Google’s Android OS has been at the receiving end of all kinds of malware attacks and rootkits, it would not be too difficult to disable this feature and invisibly pass on a Yes prompt without the original user even noticing it.
What would be more secure would be if Google can add a Voice Biometric option where the user can speak Yes in his or her voice instead of clicking a button. Also the channel of transmission at present on both the Service Access web page as also the smartphone Tap Authentication is the Web channel. Which means if one can be hacked the other can too.
Google should look up a startup in India, AdoRoi Fort Knox that offers a more secure “Out of Band Authentication” rather than come up with such gimmicks.