Google’s own data proves two-factor is the best defense against most account hacks

Every once in a while someone will ask me what is the best security advice.

The long answer is “it depends on your threat model,” which is just a fancy way of saying what’s good security advice for the vast majority isn’t necessarily what nuclear scientists and government spies require.

My short answer is, “turn on two-factor.” Yet, nobody believes me.

Ask almost any cybersecurity expert and it’ll likely rank as more important than using unique or strong passwords. Two-factor, which adds an extra step in your usual log-in process by sending a unique code to a device you own, is the greatest defense between a hacker and your online account data.

But don’t take my word for it. Google data out this week shows how valuable even the weakest, simplest form of two-factor can be against attacks.

The research, with help from New York University and the University of California, San Diego, shows that any device-based challenge — such as a text message or an on-device prompt — can in nearly every case prevent the most common kind of mass-scale attacks.

Google’s data showed having a text message sent to a person’s phone prevented 100% of automated bot attacks that use stolen lists of passwords against login pages and 96% of phishing attacks that attempt to steal your password.

Account takeover prevention rates by challenge type (graphic: Google)

Not all two-factor options are created equal. We’ve explained before that two-factor codes sent by text message can be intercepted by semi-skilled hackers, but it’s still better than not using two-factor at all. Its next best replacement, getting a two-factor code through an authenticator app on your phone, is far more secure.

Only a security key, designed to protect the most sensitive accounts, prevented not only automated bot and phishing attacks but also highly targeted attacks, typically associated with nation states. Just one in a million users face targeted attackers, Google said.

For everyone else, adding a phone number to your account and getting even the most basic two-factor set up is better than nothing. Better yet, go all in and shoot for the app.

Your non-breached online accounts will thank you.

