Google’s security tools can shield from cyber-attacks
The search giant has been pretty vocal about the importance of these features, but now, instead of urging users, it has released hard stats revealing how useful these capabilities can really be.
Let’s take a look.
Adding phone number can fend off bot-based attacks.
Researchers from New York University and the University of California, San Diego partnered with Google to assess at the impact of its security tools in preventing hijack attempts.
The results, presented recently at The Web Conference, revealed that simply adding a recovery phone number to Google account helped block a 100% bot-based attacks, 99% of automated phishing attacks, and 66% of targeted attacks.
Two-factor authentication offers highest security.
Google has been saying this for years and the stats prove it – two-step verification is the securest offering right now.
The studies reveal that using phone number-based 2SV (SMS verification) blocked 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks.
Meanwhile, on-device prompts prevented 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.
Security key offers strongest shield.
Notably, among all two-step verification methods, using a physical security key proved to be the strong account shield. It blocked all kind of attacks with a 100% success rate.
Google also showed what happens when you don’t use 2SV.
The same study also measured the effectiveness of default sign-in verification techniques, like last location signed-in or your secondary email.
These knowledge-based methods are used when the company detects a suspicious sign-in attempt, say from a new device/location, and you don’t have a 2SV on.
The results showed these methods can block bot-based attacks but can fail miserably against phishing or targeted hijack.