Tag Archives: authentication
Google recently introduced a new setting for 2-Step Verification (2SV). They are hoping the new setting called ‘Google prompt’ will make it easier for more people to use multi-factor authentication security. Currently, 2SV allows you tap a Security Key (such as the U2F YubiKey) as well as entering a verification code sent to your mobile phone. You can also use the Google Authenticator app.
Google prompt allows you to approve by tapping a ‘Yes’ prompt that will pop up on your mobile phone. You can access 2-Step Verification from your computer, Android device or iPhone, but only if you have a Google account. In addition Android devices will require the latest Google Play Services (2SV is part of Play Services) and iPhone 5S or later the Google Search app.
It’s important to note that the Google prompt setting is designed as an alternative second step to either using a Security Key or receiving a voice or text message.
The process below is the same whether you use an Android device, iPhone 5S (or later) or computer.
How to enable Google prompt
- Settings > Google > Sign in & security > Sign in to Google https://myaccount.google.com/security
The Android Twitter app (up to and including the latest version 5.36.0 available on Google Play) allows users to setup ‘Login verification’ which requires a mobile number to verify all login requests to Twitter mobile or Web apps.
‘Login verification’ will allow you to manage who and where a login request was made. Note: You will only be able to login to Twitter mobile or Web with the device you set up ‘Login verification’ with. If you lose your mobile then you can visit https://twitter.com/settings/devices and delete your device (you will also have to login).
Let’s now set up ‘Login verification’:
- Open > Android app and tap > Settings (top right)
- Tap > Settings > then tap > @(your twitter name)
- Scroll down and tap > Security – you will now see a prompt “You must have a phone associated with your Twitter a/c to use this feature”
- Click > Add phone and the native browser opens to https://mobile.twitter.com/session/new which will ask you for your Twitter login credentials
- Type in your Twitter username and password then tap > Login
- Next go to > Settings and register your mobile number and click > Save (use + before your number)
Google is looking to add an additional layer of security to its Google Apps service (which is for business and enterprises not consumers) by blocking unauthorised use of these services. Users of Google Apps will be required to to verify their identity with a SMS if Google detects a suspicious login.
The suspicious login attempt might occur when you attempt to login from a different country for example. Not all users will have signed up for this service i.e providing a mobile number. If you haven’t shared your number with Google, Google will prompt you to share it if a suspicious login is detected. If your mobile phone doesn’t is unavailable due to poor reception then there will be an alternative challenge. I’m not sure what this will be right now. Might be Web based (see bootnote).
Google will send your mobile device a challenge code via SMS to verify that it is you that is attempting to login to one of Google’s Web Apps. For those of you who don’t know, Google Apps comes with a $50 per-person-per-year cost which allows people to use Gmail, Google Calendar, Google Docs, Google Sheets, and Google Slides. Google knows that the personal identifier is the mobile device, so it makes sense to roll out a two factor authentication service for Apps.
Several users have contacted me regarding problems connecting to Google Play “My apps”. The problem involves a well documented “Authentication is required. You need to sign into your Google Account.” This is a bug. It occurs if you have more than one Google account. The problem happens if your primary account isn’t authenticating, and the Google Play app decides the other account(s) are primary. This causes an authentication conflict.
You have two options to fix this problem.
- Remove the non-primary account linked to your Google Play account – tap and hold and tap > Remove account
- Remove all accounts in > Settings > Accounts > Google – as above
- Once you remove the accounts, reboot the device
- Once device has re-booted add your primary Google account (you will need your email and password)
You might also experience the above problem if you have one Google account. If you do, you can choose to remove the offending account as above and add the primary account after reboot. Various forum comments suggest using the “Stop” function in running apps (this is meant to clear the cached background process) > tap “SHOW CACHED PROCESSES” for Google Play Store (his was done on a Nexus 5 running 4.4.2) but this will not work.
BlackBerry Picture Password is a very useful security enhancement to the BlackBerry 10 system. We have been testing this feature out since it’s launch here in the UK last week. It’s been working well for us, in place of the passcode login we’ve been so accustomed too.
This type of authentication significantly decreases the possibility of someone shoulder surfing you. We challenged some people to guess the number, but they couldn’t even after 5 attempts. This is definitely appears a more secure option than pattern-based authentication.
Picture Password allows a user to unlock the phone using both an image and unique number. When a user tries to unlock the device, the picture will appear along with a grid of random numbers. To unlock the device, you will have to drag the numbers grid so the number selected overlays the correct point on the image.
How to set up Picture Password:
- Go to > Settings > Security and Privacy > Device Password > Enable Picture Password
- You will be asked to enter your password/passcode, click > Next
- Choose a stock image (there are 8 to choose from) then select a number from 0-9