The forced recruitment initiated at the end of 2021 seems to be bearing fruit. As announced last October, Google forced 150 million of its users, as well as two million YouTube creators, to activate a second authentication factor. According to the company, this operation has halved the number of account compromises on this sample of users.
This is both good and bad news. Good, because improving the level of security is really important. Bad, because unfortunately there is still a long way to go. These figures show that two-factor authentication does not provide complete protection. Indeed, hackers have – for several years – developed techniques that allow them to get their hands on the famous single-use codes that can be received by SMS or by a dedicated application.
Also see video:
To achieve this, hackers will, for example, hijack a mobile line in order to intercept text messages. They can also apply social engineering scenarios to trick the user into transmitting these secret codes. To counter this type of attack, it is best not to use single-use codes. This is why Google recommends using a physical authentication factor like a security key or an Android smartphone. To achieve their ends, hackers would then have to be able to steal the equipment in question.
As a reminder, it is easy to activate two-factor authentication on your Google account.
Source : google