By introducing a new prompt feature Google has simplified its two-step verification process for Android and iOS users. To make use of Google Prompt, iOS users have to install the Google search app but Android users do not have to do any such thing as they already have a pre-installed Google Play service. Google has announced that the feature might take three days to start functioning properly.
Users will only have to approve the prompt by verifying and signing in when it is introduced. According to pc Tablet the prompt will read “Are you trying to sign in?” followed by details of the device being used to sign in. This can be approved by simply choosing yes or no. They will still be enjoying the earlier three options of confirmation email, confirmation SMS, and security key. By navigating to My account- sign in & security- 2-step verification these features will be accessible from the Google account. Soon all the details will be available on the help page.
As hackers can take advantage of the vulnerable Signaling System Seven SS7 that is used by carriers to exchange information to intercept any SMS message or call that one may get, SMS two-step verification has become less reliable. The same result can be used by social engineering to transfer phone numbers. The feature first checks whether a certain phone belongs to the owner of the account, and then through the Play Services framework it sends a prompt to know whether it is the owner that’s trying to connect to a Google account. In due course Google may release an API to enable the developers to use it so that it provides them with this sort of verification for their mobile apps as well as Chrome apps. However secure this may sound, we should remember that the feature is dependent on Google server’s security, so if in any way the Google’s servers are hacked, then this authentication method will also become useless.
