Why Is Two-Step Verification So Important for Your Online Accounts?

Users' personal data is under constant threat, so users need to think about how to protect their data and service providers need to safeguard their users' privacy. Sophisticated attackers may compromise third-party apps or misuse your credentials to gain access to your online accounts. While many people already use strong or unique passwords, there are other high-grade defenses available as well. More often than not, cybersecurity experts point to two-step verification when they talk about data security.

Two-step verification adds an extra step to your usual log-in process and efficiently shields your personal information from being stolen by cybercriminals.

Two-Step Verification - Why is it Important?

Recently, Google conducted research in collaboration with New York University and the University of California, San Diego, and came up with some fascinating findings.

This year-long research on the nature and causes of cyber attacks revealed that adopting two-step verification, i.e. simply adding your phone number to your account, can prevent up to 99% of phishing attacks and block almost 100% of automated bots and 66% of all targeted attacks.


Account takeover prevention rates

Image credits - Google Blog

Whenever suspicious activity is detected, Google asks for additional information or some kind of proof before letting you sign in to your account. To obtain that information or proof, Google uses device-based and knowledge-based challenges. If you have enabled two-step verification, Google can protect your account through the more reliable device-based challenges such as SMS codes, on-device prompts and security keys.


The research found that SMS codes sent to users' recovery phones blocked almost 100% of the automated bots, 99% of the phishing attempts and 90% of the targeted attacks.

If you have not added a recovery phone for some reason, Google falls back to the weaker knowledge-based challenges, such as recalling your last sign-in location. However, protection rates decrease drastically when two-factor authentication is not enabled. The knowledge-based challenges prevented only 10% of the bulk phishing attacks and almost none of the targeted attacks.

Two-step verification

Image credits - Google Blog

Given the benefits of two-step verification, people might wonder why it is not used in all sign-in attempts. Well, it may be a bit frustrating, and people aren't always ready for that.

Security challenges add friction to the sign-in process and in many cases may also result in account lockouts. In an experiment, researchers found that 38% of the users did not have their phones with them and 34% could not remember their secondary email accounts. However, 97% of these users eventually gained access to their accounts by logging in from their other trusted devices. For high-risk users, Google suggested using its Advanced Protection Program, where highly advanced security keys are employed.

It may seem a bit annoying at first, but adding an extra layer of protection to your online accounts can go a long way. Even the most basic two-factor protection may save you from the devious attacks of hackers. Without a doubt, two-step verification is the best and the easiest security advice anyone could give you.


Published on May 28, 2019
Written by Subho Halder
Subho Halder is the CISO and Co-Founder of Appknox. He started his career researching Mobile Security. Currently, he helps businesses detect and fix security vulnerabilities. He has also detected critical loopholes in companies like Google, Facebook, Apple, and others.

