Two-factor and multi-factor authentication historically have been based on using two or more of three criteria: something you know (passwords), something you have (security token) or something you are (biometrics such as fingerprints). There have been two new additions to MFA criteria: something you do (keyboard cadence or mouse movement), and somewhere you are (geo-location through GPS or public IP address).
Google has been busy heightening the security for it’s account holders and has several new security offerings that are using the new categories.
Google Titan – We have already published an article about Google Titan, their new FIDO compliant U2F security key. Although I have relied on LastPass for two-factor authentication, I have decided to add a U2F key to the mix for redundancy. This way if I lose access to LastPass for some reason, I have another method to unlock my accounts.
reCAPTCHA v.3 – Google has also updated their reCAPTCHA to version 3, which is based on modeling the way that users interact with a site, including things such as keyboard cadence, mouse patterns, and geo-location information. This will mean no more solving “I am not a robot” puzzles on website where this feature is deployed. If you are a web developer or site operator who is interested in this feature, Google has information for you on their website.
If google determines that your account was fraudulently accessed, you will need to confirm recovery information such as phone numbers, email addresses, or knowledge based questions and answers for unauthorized changes. You will also be asked to look for unauthorized financial activity on your account, or unauthorized access to Google Drive or third party sites where you use Google to log in. You can see what options are available for you on Google’s “Secure a hacked or compromised account” page.
I know we just took Google to task for its Big Brother-like omnivorous surveillance and data collection practices. Google is also a bit like a nicer, gentler, lower-case big brother who looks out for you and protects you from danger. A little bit of Jekyll, a little bit of Hyde, and pretty much unavoidable if you own an Android phone or use the Internet. But these features are good news for those of us with Google accounts.