These days, using a password alone to secure user accounts containing sensitive, identifiable, or private information just isn’t sufficient. Passwords are often subject to reuse and can easily be phished and stolen. 

With this in mind, we recently teamed up with researchers from New York University and the University of California, San Diego to find out just how effective basic account hygiene is at preventing account takeovers. The research showed that simply adding a SMS as a second factor to a Google account can block up to 100% of automated bots, 96% of bulk phishing attacks, and 76% of targeted attacks that occurred during our investigation.

To help you enhance the security of your apps and protect your users, Identity Platform now supports multi-factor authentication (MFA) with SMS in beta.

Configuring MFA in the admin console.png
Configuring MFA in the admin console.

You can now configure Identity Platform to require users who attempt to login to your application to self-enroll in MFA—also known as two-factor authentication (2FA)—and register a device that is capable of receiving SMS messages. When users attempt to sign-in to your app with their first-factor credential (email/password, social login, SAML, OIDC), Identity Platform will require them to enter the six-digit authentication code that it sends via SMS to their registered devices before they can sign-in to your apps and services. 

Getting started

You can learn more about this new feature by checking out the documentation page. To get started with Identity Platform, enable it in GCP Marketplace, watch our Cloud Next ‘19 presentation, and read the quickstart.


Source: Google Cloud Blog