
Don’t have your account hijacked. Secure your online accounts with more than a password, says Google


Research finds that the typical user can significantly harden the security of their online accounts by linking a recovery phone number that can send an alert if there is suspicious activity on the account.

Research published at the end of last week argues that the typical user can significantly harden the security of their online accounts by linking a recovery phone number that can send an alert if there is suspicious activity on the account.

The research, conducted by a team from Google alongside researchers from New York University and the University of California, San Diego, found that when a Google account was linked to a phone, account takeover attacks by automated bots were prevented 100% of the time.

What is more, as a blog post from Google’s security team describes, there’s clear evidence that using two-step verification via a smartphone can help prevent the vast majority of even targeted account takeover attacks.

Google claims that during its study it found that no users who exclusively used hardware security keys to authenticate when logging into its online services fell victim to targeted phishing attacks.

Securely protecting an email account is, of course, of paramount importance to even the typical internet user as it is the centre of their online life.

A compromised email account doesn’t just allow a malicious hacker to peruse your private communications, steal the addresses of contacts, and even send emails appearing to come from a particular individual. It also opens a backdoor into other online accounts, many of which will be using your email address as your username, and be willing to send the hacked email account a password reset link.

And if, for any reason, you haven’t shared your number with Google and enabled a recovery phone number to harden the security of your account, automated bots can still often be defeated through knowledge-based challenges (such as asking you to confirm your last sign-in location or secondary email address if you are logging in from a different device or part of the world).

Unfortunately, such information can itself be coaxed out of unsuspecting users in phishing or targeted attacks which aim to trick users into revealing additional identifying information.

Always enable 2-factor authentication, or at least have some additional level of security enabled if possible – even if it’s just an additional security question that a hacker is unlikely to know the answer to.

Some hackers are getting more devious and more sophisticated in their attacks. It’s time for you to modernise how you protect your accounts against them.

https://hotforsecurity.bitdefender.com/blog/dont-have-your-account-hijacked-secure-your-online-accounts-with-more-than-a-password-says-google-21178.html#new_tab