Android Devices Get Hack Attempt Alerts On-Screen

John Lister's picture

Users of Android smartphones and tablets will soon get an instant warning when somebody attempts to log in to their Google account. The notification comes as an on-screen message, rather than by email.

The new feature is designed to enhance two-factor authentication. That's an optional feature which means that if somebody tries to sign in to a Google account on another device, they have to wait for a security code to be sent via email, text message or a dedicated app before they can continue to log in to the account. If no code or an incorrect code is entered, the login fails.

While two-factor authentication affects the person logging in (who could possibly be a hacker), the new notification alert is for the person who legitimately owns the account. Currently, Google always sends an email to the account holder when somebody logs in from another device.

Email Warning May Be Too Late

This means that even if two-factor authentication isn't switched on and the hacker manages to get into an account, the legitimate account holder gets a warning of a possible breach via email. The problem is that if the legitimate account owner doesn't check email frequently, they may only see the warning after a hacker has done serious damage to the account (and possibly to financial accounts). (Source: zdnet.com)

With the new notification alert, the warning will go instantly to any or all Android devices registered to the account. What precisely that looks like will depend on the user's settings, but in most cases it will be an on-screen message even if the device is locked, and a vibration - the same way as happens with an SMS text message. (Source: blogspot.co.uk)

One Tap Can Lock Account

The legitimate account owner will then be able to tap to see more details of the log-in, including the device make and model, the time of the log-in, the geographic location, and the browser with IP address. There will also be a one-tap option to lock the account on all devices. Choosing that option means all devices are logged out and the newly discovered device blocked, with the legitimate account owner then logging back in from a trusted account and changing the password if necessary.

What's Your Opinion?

Are you an Android user? Do you welcome this improvement to security? Can you foresee any drawbacks?


Comments

Dennis Faas's picture

This is a great idea, but what defines the user as the "legitimate" or "main account"? Is it their geographical location (home / work)? I wonder this because one of my friends recently lost her $700 cell phone in a cab. Surprisingly, she was dumb enough not to have locked the phone, which meant that anyone - including the supposed cab driver - had full access to her phone. She even managed to communicate with the guy, who then promised to return her phone the following week, but never did.

So in a case like this, the guy had full access to her phone and could have locked all of her other Android devices. That is a bit of a nightmare if you ask me. Perhaps if this new feature is turned on, it will require that the screen is locked before proceeding.

brifredav_4966's picture

Hang on Houston, we have a problem: not all oldies know how to operate their smartphones to the extent that they can tell the differences between the apps that appear on their desktops.

Doccus's picture

As a victim of this myself (and my dad, actually, too) I'd like to see this extended to all users. I've gotten notifications by email: "A user in xhen xhiang tried to log in... is this you?" Well, er, NO! Luckily, I've been OK, but had I ignored the email it could have been different. Also, it came some time after the attempt, so an IM would be an improvement.

Stuart Berg's picture

This sounds GREAT because two-factor authentication is not practical for me. I live where there is no cell service. Most (all?) two-factor authentication sends a text message for the authentication. Since 99% of my logins are made from home on my PC, it is completely impractical for me to authenticate each time I log in. So this sounds like a great way to be notified of a hack attempt since I do have WiFi Internet access at home and my smartphone is always on me.

P.S. I received the email below recently from the Social Security Administration. What makes me EXTREMELY upset is the part at the end that says "If you do not have a text-enabled cell phone or you do not wish to provide your cell phone number, you will not be able to access your my Social Security account.". What's up with that for those of us with no cell service at home?

Starting in August 2016, Social Security is adding a new step to protect your privacy as a my Social Security user. This new requirement is the result of an executive order for federal agencies to provide more secure authentication for their online services. Any agency that provides online access to a customer’s personal information must use multifactor authentication.

When you sign in at ssa.gov/myaccount with your username and password, we will ask you to add your text-enabled cell phone number. The purpose of providing your cell phone number is that, each time you log in to your account with your username and password, we will send you a one-time security code you must also enter to log in successfully to your account.

Each time you sign into your account, you will complete two steps:

Step 1: Enter your username and password.
Step 2: Enter the security code we text to your cell phone (cell phone provider's text message and data rates may apply).

The process of using a one-time security code in addition to a username and password is one form of “multifactor authentication,” which means we are using more than one method to make sure you are the actual owner of your account.

If you do not have a text-enabled cell phone or you do not wish to provide your cell phone number, you will not be able to access your my Social Security account.