Yes. You got that right. Google does not seem to trust to use it’s own Screen Lock feature for internal use and instead has now asked its staff to use what it says is “Tap Factor Authentication” which is inherently nothing more than “Out of band Authentication.”

Now they are allowing Google users also to use this feature across its online services. And you would need to have a Smartphone with the Android or IOS connected to the Internet to be able to make use of “Tap Authentication”

How this works is quite simple. Once you have entered the username and password to access a Google service, if you are signing in from a device that you normally do not use, you will get a prompt on your authorized smartphone, prompting you to remotely authorize the access with a Yes or No. Clicking on Yes will allow access to the Google service.

Now, how far this will be adopted we have to see as also how much more secure this feature can only be understood once the technical details are available and hackers have their hand on testing it.

Considering that Google’s Android OS has been at the receiving end of all kinds of malware attacks and rootkits, it would not be too difficult to disable this feature and invisibly pass on a Yes prompt without the original user even noticing it.

What would be more secure would be if Google can add a Voice Biometric option where the user can speak Yes in his or her voice instead of clicking a button. Also the channel of transmission at present on both the Service Access web page as also the smartphone Tap Authentication is the Web channel. Which means if one can be hacked the other can too.

Google should look up a startup in India, AdoRoi Fort Knox that offers a more secure “Out of Band Authentication” rather than come up with such gimmicks.

Source: Pixabay.com

About The Author

"Founded in July, 2016, WhackHack.com is a cyber security blog that covers important security issues affecting common users, industry and governments. It aims to create awareness among its readers about malware, hacking, encryption, identity theft, privacy, etc and also offer solutions to protect themselves from such attacks"

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

17 − fourteen =

Close