Google to make 2-factor authentication compulsory

Users will also receive notifications when risky actions are carried out on Android devices.

Google plans to make 2-factor authentication compulsory for all users, and display notifications when "risky" behaviour is carried out on Android devices.

Eric Sachs, group product manager at Google said the firm is making aggressive changes to its login system, as he detailed in a five year plan.

"The users who have not enabled our strict 2-factor login will be will be asked to pass a 2-factor challenge on nearly all sign-ins," he noted in a draft of the Stronger Consumer Authentication report.

"If they [users] don't have their phone with them they can still go through account recovery (which requires changing their password), and we will experiment with allowing them to pass some other risk-based challenges without needing to change their password."

Sachs noted that Google is experimenting on displaying notifications to users when risky behavior is carried out. Users logging in from an unusual location or transferring/withdrawing substantial sums of money, will be required to pass advanced authentication such as knowledge tests, facial recognition scans, or even a fingerprint test.

"We are beginning to experiment with apps on the phone that display notifications about risky behavior on an account.  In some cases, the user might even need to give approval within that app before a risky action can be approved, such as a login to the account from an unusual location."

He also noted that Google will also be producing stronger hardware and promote the ChannelID open standard when it comes to bearer tokens, to help prevent accounts being compromised.

"The biggest issue is that the bad guys evolve as well. They have found ways to make money off hijacked accounts, and so are willing to use more complicated approaches to get those accounts." he added.

"Hopefully within 5 years all of these approaches will also have similar success to the efforts if the past 5 years." 

Featured Resources

Virtual desktops and apps for dummies

An easy guide to virtual desktop infrastructure, end-user computing, and more

Download now

The total economic impact of optimising and managing your hybrid multi-cloud

Cost savings and business benefits of accelerating the cloud journey

Download now

A buyer’s guide for cloud-based phone solutions

Finding the right phone system for your modern business

Download now

What’s next for the education sector?

A new learning experience

Download now

Recommended

Data breaches increase by a third as staff continue to work from home
cyber security

Data breaches increase by a third as staff continue to work from home

17 May 2021
What is phishing?
phishing

What is phishing?

17 May 2021
Cisco to acquire threat intelligence provider Kenna Security
Acquisition

Cisco to acquire threat intelligence provider Kenna Security

14 May 2021
What is the Computer Misuse Act?
Policy & legislation

What is the Computer Misuse Act?

14 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021