Two-factor authentication has had a bad couple of weeks. Not only was a prominent developer, Justin Williams, forced to defend a phishing attack against him to PayPal and AT&T, but it's becoming increasingly clear that SMS-based two-factory authentication is a new vector for hacking.
As a result, Google is doing something about that: since SMS-based two-factor authentication is more susceptible to phishing attacks — someone could potentially intercept a text message or clone a SIM card, as is what happened with Williams — the company wants people to switch to prompt-based verification:
Basically, prompt-based verification is secure, and cannot be intercepted since it runs through Google Play Services. The only way this could potentially be a security issue is if someone steals a phone that is registered to accepts 2FA prompts from Google, but it's really easy to deregister a device from any web browser should that unfortunate event occur.
Sign up for Black Friday email alerts!
Get the hottest deals available in your inbox plus news, reviews, opinion, analysis and more from the Android Central team.
Daniel Bader was a former Android Central Editor-in-Chief and Executive Editor for iMore and Windows Central.