Monday February 25, 2013

Bypassing Google’s Two-Factor Authentication

Here's how an attacker can bypass Google's two-step login verification and gain full control of a user's account by capturing one of that user's application-specific passwords (ASPs).

We think it's a rather significant hole in a strong authentication system if a user still has some form of "password" that, on its own, is sufficient to take over full control of the account. However, we're still confident that, even before Google rolled out its fix, enabling 2-step verification was unequivocally better than not doing so.