Just recently, Google has begun to stir people away from receiving the verification codes for the SMS two-step verification. Last week, when you try to sign in into your Google account, you may receive an invite from Google to start receiving prompts using the Google app instead of the verification codes sent on SMS.
Google is doing this because the new prompts are a lot better and more secure compared to SMS. In addition, they make the process of signing in to your account a bit quicker than before and definitely easier
So, what is the two-step verification?
Two-step verification or 2SV adds a layer of security to your online accounts; be it from Amazon, Google, to Facebook, Instagram or Twitter. The 2SV works like this: you have to enter your password which is the first step verification factor and after that, a verification code will be sent through SMS or a prompt using an authentication app, so this is the second step of verifying your account. So when someone tries to access your account, they have to find out what’s your password as well as the verification code to open your account. You see, it indeed adds a layer of security to your online accounts to prevent hacking and the likes.
But you might ask yourself, why does Google shun the two-step verification now? Well obviously, receiving verification codes through SMS is not as secure as anyone thought than using an authentication app. Hackers has already found a way to get past the 2SV by tricking carriers into porting a phone number to a new device which is called the SIM swap. This makes it easier for hackers to determine your verification code and makes it easy as knowing your phone number or the last four digits of your social security number, any information that gets leaked from time to time from banks or large corporations. So once a hacker is able to redirect your phone number, of course gaining access to your 2SV codes won’t be such a problem anymore.
In addition, the weaknesses in the mobile telecom system itself should also be considered. There’s an SS7 attack wherein the hacker could monitor through the cell phone system to listen to calls, intercept text messages and view your device’s location.
All the cases stated above should be reasons enough for you to stop using the SMS two-step verification. Which leads you to the question, if not 2SV, then what should you use instead?
There are lots of authentication apps you can use like the Google Authenticator, Microsoft Authenticator or Authy. Using these authentication apps means you don’t have to depend on your network carrier. So even if a hacker manages to port your number to a new phone, the verification codes stays in the app. And besides, the codes will expire in a matter of 30 seconds or so. Aside from that, the authentication apps are a lot faster and you only have to tap a button to verify yourself instead of having to wait for a couple of seconds or even a minute to receive your verification code or manually key in the six-digit code.
Needless to say, these authentication apps are a lot better in adding a layer of security to your online accounts instead of the typical 2SV since the risk of getting hacked is a lot slimmer when you use one. However, if you are used to using the two-step verification, then by all means you can use it as you please, just keep in mind the risks and repercussions when you do so, after all, it’s always better to be safe than sorry.