"Google Taps Smartphone's Bluetooth to Foil Phishing Attempts on User Logins"

To prevent hackers from successfully infiltrating online accounts, Google will start utilizing the Bluetooth functionality on users' smartphones to verify the legitimacy of logins. The effort was recently announced at Google I/O, highlighting the threat of increasingly advanced phishing attacks by hackers. A user can enable two-factor authentication (2FA) on their online accounts, requiring anyone logging in to provide both the correct password and a one-time passcode usually generated on the user's smartphone. However, Google points out that hackers are continuing to find new ways to bypass 2FA systems. For example, there have been cases where hackers tried to trick users into handing over their on-time passcode by sending a fake text message from the account provider. In some cases, attackers have sent links to users that directed them to fake websites capable of stealing and reusing login credentials, including a victim's 2FA code in real-time. In these attacks, a user may think they are logging into the intended site, just as in a typical phishing attack. According to Google, a phisher can deploy a web service that logs into the actual website while the user is falling for the phishing page, instead of setting up a phishing page that saves the victim's email and password when they log in. Such phishing attempts highlight a weakness in traditional 2FA systems. If a hacker is skilled enough, they can still remotely trick the victim into solving any authentication challenge during the login process. Google's solution requires a user to be physically close to the computer when logging into their online account. The company achieves sign-in request authentication through the Bluetooth functionality on the user's smartphone. This login method is different from generating a prompt on the user's smartphone to verify the login as it uses Bluetooth to ensure the phone is close to the device that the user is logging into. This helps prevent distant attackers from tricking users into approving a sign-in on their browser. This article continues to discuss how Google's Bluetooth-based login method will help thwart phishing attempts on user logins.

PCMag reports "Google Taps Smartphone's Bluetooth to Foil Phishing Attempts on User Logins"