Google has simplified its two-step verification process for Android and iOS users by introducing a new prompt feature. While Android users already have a pre-installed Google Play services, iOS users have to install the Google search app to make use of Google Prompt. Google has announced that the feature might take three days to see the daylight.
When it is introduced, users will only need to approve the prompt to verify and sign in. The prompt will read “Are you trying to sign in?” followed by details of the device being used to sign in. This needs to be approved by simply choosing yes or vice-versa.
The earlier three options (confirmation email, confirmation SMS, and security key) will still be available. These features are accessible from the Google account by navigating to My account- sign in & security- 2-step verification. The help page will soon have all the details.
SMS two-step verification has become less reliable because hackers can take advantage of the vulnerable Signaling System Seven (SS7) that is used by carriers to exchange information to intercept any SMS message or call that one may get. They can also use social engineering to transfer phone numbers, with the same result.
The feature seems to check that a certain phone belongs to the owner of the account, and then it sends a prompt through the Play Services framework to know that it’s the owner that’s trying to connect to a Google account.
Google may eventually release an API so that developers can use it to enable this sort of verification for their mobile apps and Chrome apps, as well. The feature is dependent on Google servers’ security, so as secure as it sounds, if at all Google’s servers are hacked, then this authentication method could also be rendered useless.