A Google study has demonstrated the effectiveness of multifactor authentication as a tool to prevent account piracy.
A recent Google study reveals that simply associating your Google account with a phone number to retrieve access by sending code via SMS can block 100% of bots, 99% of mass phishing attacks and 76% targeted attacks. For the two factor authentication/ this is a very important aspect.
We always recommend users to use two-factor authentication (2FA) in each of the services and accounts, which is possible. This is a feature that adds an extra layer of security and makes it more difficult for third parties to access our accounts if our access credentials are stolen or leaked due to a security breach affecting a service we use. The recent report released by Google confirms that its use is very effective in preventing misuse of accounts.
- Conducted jointly with researchers from New York University and the University of California at San Diego, this study requested data collection for one year, primarily on large-scale and targeted attacks. The purpose of the research was to demonstrate the effectiveness of basic eHealth practices in preventing cybercriminals from hacking user accounts.
- For those who do not know, Google automatically adds an extra level of security to prevent a third party from accessing a user’s account without their consent. So, whenever Google identifies suspicious behavior when it wants to access an account, whether it is a new location or a device on which it has never connected to one of his accounts before, Google requests additional information to prove that the one who tries to connect to the account is indeed the owner.
In the same way that the telephone number is used to send code by SMS and establish a two-factor authentication dynamic, it is possible to obtain a similar level of protection using the 2FA, but through the device (rather than SMS). According to the study, although they have similar results to SMS authentication, sending device-based confirmation messages is safer. In this sense, sending confirmation messages across the device can be useful for preventing 100% of attacks caused by automatic robots, 99% of mass phishing attempts and 90% of targeted attacks. In this last point is that the device-based two-factor authentication offers better results than that based on the SMS message, which had an efficiency of 76%.
As the company explains on its security blog , the study investigated criminal groups that, for about US $ 750, offer customers access to a specific account. These groups usually rely on sending targeted phishing emails claiming to be a parent, colleague, or Google itself. If targets do not fall into the trap on the first attempt, targeted phishing emails will continue to be sent for about a month.
As the data from this one-year study shows, associating a phone number with your Google account alone can prevent up to 66% of targeted attacks. It is therefore strongly recommended to enable the SMS or device based dual authentication factor. The vast majority of services used by users have this security feature, whether social networks such as Instagram, Twitter or Facebook or games like Fortnite.