Google is working on a new 2FA authorization feature that will be based on QR

Nowadays Account security is no longer exclusive to corporate accounts or work environments, given that as time goes by our accounts are increasingly linked to our personal data, tell each other identifications, bank details, social media accounts, among others.

It is because of that online security is more important and relevant every day and on the other side of the coin where cybercriminals enter, they are constantly being renewed inventing and discovering new ways to violate accounts and they will stop at nothing.

Given this, two-factor authentication is absolutely necessary to keep personal information safe.

Even more importart, since social networks are a very important projection of a person's personality, access to these accounts by hackers is much more harmful than in the early 2000s.

On Google it has been around for quite some time, un strict two-factor authentication system. Every time you log into a new device a suspicious number of times without verifying their presence through another verified device, Google ends up blocking the person if two-factor authentication is not immediately provided.

While this can be awkward in certain situations, like connecting to a new device without your phone nearby, the added security is worth it.

Google It has even extended 2FA to the Chrome browser for Android devices. If users try to log in elsewhere, all they need to do is use their smartphone's browser and press the volume key (when prompted by the device) for verification to complete.

For those who are still unaware of this additional security mechanism "2FA" should know that it is an additional layer of security which is used to ensure that people trying to access an account online are who they say they are.

To understand its use a bit, we will take a snippet from Authy page (Which by the way is an excellent multiplatform 2FA tool that allows you to recover your access data whether you link your phone number or email, which is a plus compared to others where if you lose the device or change without move your information, it is lost along with your accesses)

First, a user will enter their username and password. Then, instead of immediately gaining access, they will be asked to provide other information. This second factor could come from one of the following categories:

Something you know: It could be a personal identification number (PIN), a password, answers to "secret questions," or a specific pattern of keystrokes.
Something You Have: Typically, a user would have something in their possession, such as a credit card, a smartphone, or a small hardware token.
Something That You Are: This category is a bit more advanced and may include a biometric pattern of a fingerprint, an iris scan, or a voiceprint.

With 2FA, a potential compromise of just one of these factors will not unlock the account. So even if your password is stolen or you lose your phone, the chances of someone else having your second-factor information are highly unlikely. Looking at it from another angle, if a consumer uses 2FA correctly, websites and apps can have more confidence in the user's identity and unlock the account.

However, It seems that the tech giant is not content with that and is testing a new version of 2FA. Specifically, an approach that uses QR codes, now that almost any smartphone can easily scan them. QR codes as a form of authorization or verification are not necessarily a new technology.

Understanding this, we can understand a little more about the new change made by Google with a new flag experimental in Chrome for Android, which is paraded under the name of "Web Authentication cable v2 QR codes".

This is, at the moment, the only information available on the subject, as the experimental functionality has not yet been implemented.


Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.