Google seeks to get rid of SMS authentication
The SS7 protocol used by the various telecommunication operators to communicate with each other has demonstrated in the past that it was vulnerable enough to allow hackers to intervene intermediately and thus bypass double-factor authentication. It is enough, for example, to define oneself as an “operator” in any country in the world in order to find itself at the heart of the system. A few thousand dollars allow posing as a new operator in the market, so it becomes urgent that a secure alternative becomes democratic because new forms of delinquency will emerge from this vulnerability.
Google no longer trusts double SMS authentication
Concretely, when making a payment or connection to a service using this double authentication, which appears very safe to the user, the “operator” hackers receive the SMS, redirect to a terminal abroad to conduct their misdeeds. The user could not know that he was targeted before being a victim.
Google suggests dual authentication by sending a notification to the user’s phone. You say, what changes what? In reality, this is done via the Internet and not through the telephone network, which allows better security. In addition, a user can receive a complete report of the connection attempt, including date, time, terminal, location, and so on. Valuable clues that will make it easier to go up the rogue networks for the authorities.
The new double-factor authentication device is considerably safer than the SMS and we should see him land on Android in a few weeks. Google has not forgotten the users of iOS and offers them the functionality through the iOS version of Google Search.