The idea of an authenticator app was welcomed from the beginning, which is why it had a high acceptance rate. Since its launch in 2011, Google 2FA has been downloaded and used by more than 10 million users across different industries where the security of account holders is a priority. It has become, as it were, the industry standard for second-layer security.
Research has shown that, where it is enabled, the extra layer of security it provides has helped save billions in assets and valuable personal information from going into the dark. A large number of financial custodial organizations (banks, insurance firms, e-commerce stores, CMS, social media platforms, and more recently blockchain companies) have Google 2FA integrated into their websites so that security-conscious users can protect themselves by enabling it.
Since its advent, the internet has witnessed radical waves of revolution in every decade, leading to better, more advanced ways of using technology to the benefit of man. The current wave, serving today’s needs, has been around decentralization of control in the financial sector, governments, commerce, and several other sectors. This move is necessitated by the need to remove the costly and sometimes unreliable (i.e. leading to data falsification/inaccuracy) middlemen in the different sectors mentioned above.
Surfing through the internet, you’ll see stories of people who have been victims of phishing attacks despite enabling Google 2-factor. What happened in such situations? Does it mean the Google authenticator is no longer powerful? I wouldn’t say YES/NO, but it seems the hackers have been able to develop technology that makes the powerful authenticator of yesterday vulnerable today.
The only way to avoid vulnerabilities that put users at risk is to continually update your technology, but the sad story is that Google has done no active development work on the 2FA solution for the past 3 years and has released no update to it. Let me at this point highlight some of the problems noted with Google authenticator.
ISSUES WITH GOOGLE 2FA
As noted above, it is disturbing to know that even Google employees and team members don’t use the security solution that they designed for their accounts (over 90% of Gmail accounts don’t have 2FA activated). That could be scary given the advancement in hacking technology, where some hackers have been able to come up with bots that can rapidly generate codes at the authenticator’s speed or faster in order to access or hack an account. In fact, someone recently designed a solution called Modlishka that works as a reverse proxy. It can relay the genuine code you enter on a wrong site to the right site in a split second to gain access to your account.
Could it be that Google has become busier with developing other products and does not see the authenticator as needing much attention? We’re talking of millions of dependents becoming vulnerable here. It may not be far-fetched. Google has had a history of success and failure to date. Failed/abandoned products in the past include Google Wave, Orkut, Google+, Google Answers, Google Knol, and Google Glass. Could the popular Google authenticator be toeing the path of becoming an abandoned product too?
Both Google authenticator and Authy function with an algorithm called TOTP (Time-based One-Time Password). TOTP basically works by sharing a secret 6-digit code between the two parties involved, which regenerates every 30 seconds. If anyone with your username and password can create a bot that rapidly outputs random numbers, they may with less effort get access to an account. This is much easier for the hacker to achieve than hacking the blockchain network which is the basis of the Raindrop App.
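The following is an added example, not code from the original article or from Google: TOTP as specified in RFC 6238 derives each 6-digit code from a shared secret key and the current 30-second time step, and a server-side verifier can cap failed attempts and refuse replayed codes, which is what limits the random-guessing bot described above. `TotpVerifier`, `MAX_FAILURES` (an assumed lockout of five failures) and the one-step drift window are illustrative assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30          # seconds per time step, as described above
DIGITS = 6         # code length, as described above
MAX_FAILURES = 5   # assumed lockout threshold (not from the article)

def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP using HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TotpVerifier:
    """Hypothetical server-side check with failure lockout and replay protection."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.failures = 0
        self.last_used_step = -1

    def verify(self, code: str, unix_time: int) -> bool:
        if self.failures >= MAX_FAILURES:
            return False                      # locked: even a correct code is refused
        now_step = unix_time // STEP
        for s in (now_step - 1, now_step):    # tolerate one step of clock drift
            expected = totp(self.secret, s * STEP)
            if s > self.last_used_step and hmac.compare_digest(code, expected):
                self.last_used_step = s       # each code is accepted once only
                self.failures = 0
                return True
        self.failures += 1
        return False

def guess_success_probability(attempts: int, accepted_codes: int = 2) -> float:
    """Chance that `attempts` random guesses hit one of the currently valid codes."""
    return 1 - (1 - accepted_codes / 10 ** DIGITS) ** attempts
```

With the lockout in place an attacker gets at most `MAX_FAILURES` guesses per account before the verifier stops answering, so the guessing success rate stays near one in a hundred thousand rather than growing with the bot's speed.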
Another important point is the case of SIM swapping associated with the mobile number which your Google account is tied to. This was seen just recently with the AT&T SIM hack in 2018 that led to $23.8 million lost in cryptocurrency. The Raindrop App does not work with your mobile number but with a unique ID which is tied into the blockchain. A sigh of relief, right?
Competition in the technology product market is open to anyone who, having observed a loophole, brings to market something much more robust or better. This seems to be what the team at Hydrogen and project Hydro are trying to do with their recent release, i.e. the Hydro Raindrop App. If a product is to successfully replace the known authenticators like Google 2FA or Authy, it must come with specs that show superiority. Let’s consider what the Raindrop App boasts of as a fitting competitor/replacement for Google 2FA:
FEATURES OF HYDRO RAINDROP APP:
Ease of Integration:
Google 2FA has proven to be much better than SMS codes or email in securing accounts. Why do some companies still prefer to use either SMS or email? The tech teams of companies always complain that it’s quite difficult to integrate Google 2FA into a site successfully without having to wait, most times, for support from Google’s end. Estimates show that it takes an average of 3 days to get it over with, if you’re eventually able to get it done.
This is different from the Hydro Raindrop App. It takes a maximum of 1 hour to get it integrated into any platform, with active 24/7 support from the tech team at Hydrogen. To make it much easier, they have designed a Raindrop plugin for WordPress and Joomla sites, with others due to be released soon. This eliminates the need to write any code; it’s now as simple as plug and play, so that the techie or non-techie person can integrate 2FA onto their site with little or no support.
The Hydro Raindrop App has brought a twist to the 2FA business. While the Hydro Raindrop App is decentralized, Google 2FA is centralized. Decentralization seems to be the focus of the tech industry today. It’s an era where everyone wants to own their privacy. Decentralization eliminates the single point of failure problem, since it is a network of thousands of computers working in sync all around the globe to protect all users. Blockchain has, within its short period of existence, shown some superiority over centralized systems.
It is cost-free to implement. Customizing the features of the authentication app built on the Raindrop protocol will only cost a small fraction, if any organization decides to do that.
The inertia in accepting the Hydro Authentication solution being witnessed now can be likened to what the internet and blockchain faced in their early days, before organizations saw the potential in them. All things being equal, it means the app will be the go-to place in the near future.
It’s a wake-up call to all companies, especially crypto exchanges and crypto investment companies where users need to make payments, carry out transactions or log in through a secure gateway, to start the adoption drive by using the newcomer product.
Unlike Google 2FA and some other Google products that are banned in countries like China, the Hydro Raindrop App works anywhere in the world where there is an internet connection. Integrating the Raindrop authenticator makes DNS spoofing, SIM swapping, and phishing sites a thing of the past. Blockchain companies would be better off using blockchain products like the Hydro authenticator than using their centralized counterparts.
On a personal note, I’ll choose the Raindrop authenticator any day, at least since I won’t be racing to use the 6-digit code before the 30-second expiration.