Quote:
Originally Posted by vgane
![View Post]()
Internet Companies nowadays rely on advertising, and user data is up for grabs, so privacy cannot be expected to be maintained online. Whether you choose to not use these services or not, as long as you are online, some online service is collecting data about you. For example, even if you are not a user of Facebook, its cookies embedded in just about every major website collects data about you, so when you create an account on Facebook, it already knows quite a bit about you.
Now, as for the novelty of this whole process, it is mostly about convenience. It is an improvement of two-factor authentication in that it only requires a notification to log in, whereas in two factor authentication, a code is sent and you need to enter it to confirm that it is really you. While in two factor authentication, the password is still an important facet of the process, in Google's new login methods, the password is not used at all. Instead of entering a password and then entering a code, you just enter your Email and you are logged in. Plus, there have been reports that two factor authentication is not as secure as it is hyped up to be (Source: http://krebsonsecurity.com/2012/06/a...uthentication/), which is why companies are looking for new login methods that are both more convenient and more secure.
For instance, two factor authentication is still affected by the security of the user's password, whereas Google's new login method somewhat bypasses that vulnerability (Even so, it is still not secure, because there's an option to enter a password. When the password is completely eliminated, that's when it will truly be a step up in terms of security over two factor authentication.). Google also has other login methods in the works, such as using inaudible sound to log in, which is actually novel and perhaps more secure than both. It is just a matter of these new technologies being adopted, and while we may never be completely secure, and our privacy is always up for grabs, a little fortification doesn't hurt.
Now, as for the novelty of this whole process, it is mostly about convenience. It is an improvement of two-factor authentication in that it only requires a notification to log in, whereas in two factor authentication, a code is sent and you need to enter it to confirm that it is really you. While in two factor authentication, the password is still an important facet of the process, in Google's new login methods, the password is not used at all. Instead of entering a password and then entering a code, you just enter your Email and you are logged in. Plus, there have been reports that two factor authentication is not as secure as it is hyped up to be (Source: http://krebsonsecurity.com/2012/06/a...uthentication/), which is why companies are looking for new login methods that are both more convenient and more secure.
For instance, two factor authentication is still affected by the security of the user's password, whereas Google's new login method somewhat bypasses that vulnerability (Even so, it is still not secure, because there's an option to enter a password. When the password is completely eliminated, that's when it will truly be a step up in terms of security over two factor authentication.). Google also has other login methods in the works, such as using inaudible sound to log in, which is actually novel and perhaps more secure than both. It is just a matter of these new technologies being adopted, and while we may never be completely secure, and our privacy is always up for grabs, a little fortification doesn't hurt.
I use Google Now and I know how they collect information and assist me. That is better than some other product which exposed information (one of their early forays in to social networking) that I never permitted them to broadcast. They quickly withdrew the product. The Google Glass tarnished Google's image (with coining of the term Glassholes of those using them) and they pulled them out of market.
Unlike in India, people in the west will kill a product's image if a company did not play fair with information they collect.
Two factor does not always mean that a code is sent that has to be entered. In fact in Microsoft implementation , they have an app that runs on all mobile platforms. The attempt to login to my microsoft account creates an alert in my phone and the app wants me to just tap an approval button. I still have to login to my phone (trust is transitive here) with my password for the phone. But tapping is all I have to do to send the code. Now Microsoft could very well eliminate the password to the account and will still satisfy the criteria for two factors - namely what you know (in this case password for the phone, account number ) and what you have (phone itself).