This week, the company announced that it s switching out the annoying and hackable six digit code with a simple yes or no button.
This is a great move.
Furthermore, Google s update makes two-step verification less of a pain in the ass.
In scenarios where you receive a text with a verification code on your phone which is often the default setting , a hellbent hacker could socially engineer your carrier to forward text messages to their phone by calling the customer service and pretending to be you.
So after the hacker has tricked some poor customer service rep, they can log in with your username and password, probably stolen from some leaked database, and then get you two-step verification code sent to their phone and boom, they re in.
For example, Black Lives Matter activist DeRay McKesson had his Twitter account stolen this month because a hacker used a similar method to gain access to his account.