Google's security tools can shield you from cyber-attacks: Details here
Google has long been asking users to enable its security tools for shielding all its services - from Gmail to Google Photos - from hacking attempts. The search giant has been pretty vocal about the importance of these features, but now, instead of urging users, it has released hard stats revealing how useful these capabilities can really be. Let's take a look.
Researchers from New York University and the University of California, San Diego partnered with Google to assess at the impact of its security tools in preventing hijack attempts. The results, presented recently at The Web Conference, revealed that simply adding a recovery phone number to Google account helped block a 100% bot-based attacks, 99% of automated phishing attacks, and 66% of targeted attacks.
Google has been saying this for years and the stats prove it - two-step verification is the securest offering right now. The studies reveal that using phone number-based 2SV (SMS verification) blocked 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks. Meanwhile, on-device prompts prevented 100% of automated bots, 99% of bulk phishing attacks and 90% of targeted attacks.
Notably, among all two-step verification methods, using a physical security key proved to be the strong account shield. It blocked all kind of attacks with a 100% success rate.
The same study also measured the effectiveness of default sign-in verification techniques, like last location signed-in or your secondary email. These knowledge-based methods are used when the company detects a suspicious sign-in attempt, say from a new device/location, and you don't have a 2SV on. The results showed these methods can block bot-based attacks but can fail miserably against phishing or targeted hijack.
Google says that the prevention rate of phishing and targeted attacks can fall below 10% because hackers can trick you into giving away such information and feed it into Google.
