Simply Adding A Recovery Phone Number Stops Most Phishing Attempts, Claims Google Data
If you haven¡¯t set up a recovery number for your Google account, Gmail tends to remind you every so often when you log in. Now, it¡¯s easy to put off, constantly saying you¡¯ll do it later, but you¡¯re actually giving up a very efficient anti-hack tool.
If you haven't set up a recovery number for your Google account, Gmail tends to remind you every so often when you log in.
Now, it's easy to put off, constantly saying you'll do it later, but you're actually giving up a very simple and efficient anti-hack tool.
A recovery phone number doesn't just let you log in if you forget your password, it also lets you activate two-factor authentication as an added security precaution. Now, you may not take the benefit of that seriously, so Google has just released hard data to back up their claims of how effective it is.
Google's Security Checkup offers you the chance to activate a variety of features. In most cases, especially randomized attacks, an SMS verification can be enough to keep you secure. But even when a targetted attack bypasses that, a pop-up verification button on your alternate device can negate the attack, as shown below. In fact, Google can also do things like automatically block sign-ins it thinks are suspicious.
In fact, two recent studies presented at The Web Conference last week (an international academic conference to discuss the future of the Internet), show that simply adding a recovery phone number to an account blocks 100 percent of automated attacks, 99 percent of bulk phishing attacks and 66 percent of targeted attacks on average. It's pretty effective for something that takes you literally 15 seconds at most to set up.
In fact, if you're feeling particularly paranoid, Google has been suggesting users follow the example of company employees, who have for a while now been required to use hardware keys. These are USB sticks that act as physical keys when logging in. That way, even if a phishing attack steals their password, a hacker can't log into their account with the physical key as well.
Don't skimp on your security countermeasures guys. They'll be useless to you after you've already been hacked.