
Add a recovery phone number to block automated hijack attempts: Google

The AchieVer


Study finds adding a phone number to a Google account blocks all automated attempts, 99% of bulk attacks, and 66% of targeted attacks.




Google has said the addition of a recovery phone number is able to block all automated bot attempts to access accounts via credential stuffing. 


The search giant conducted a year-long study with New York University and the University of California, San Diego that resulted in a pair of papers.


"Our research shows that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during our investigation," researchers from Google AI said in a blog post.




The researchers found that using an SMS code as an extra factor of authentication stopped 76% of targeted attacks, 96% of bulk phishing, and 100% of automated bots. Using prompts improves the numbers to 90% of targeted, 99% of bulk, and 100% of automated attacks.


For perfect scores across the board, users should use a physical key.




The researchers looked into 350,000 hijacking attempts on 1.2 million users across Google's 14 different login challenges. 


The team said 38% of users were not able to access their phone when needing the extra authentication factor, while in a scenario asking for a secondary email address, 34% of users could not name it. Regardless of challenge method, over 94% of people in all instances were able to regain access to their account in a week.


At last month's Google Cloud Next conference, the search giant said it wanted to use Android phones as security keys in the future. 


"Think of it like a security key in almost every modern Android phone ... a very easy-to-use form factor for over a billion users," Google Trust and Security marketing lead Rob Sadowski said at the time. 


"Having that as your authenticator really makes it easy to use and always available." 


However, Google recommends at least two security keys be registered, in case one is lost.



