Google is planning on getting rid of SMS two-factor authentication for Gmail to address a myriad of security issues.

In a concerning revelation, multiple information-stealing malware families are exploiting an undocumented Google OAuth endpoint named “MultiLogin” to revive expired authentication cookies ...

Google will instead introduce on-screen QR codes that will have to be scanned with your chosen authentication device in order to verify that it is actually you trying to log in.

Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.

Google has removed its Authenticator app from Apple's App Store after reports that the freshly updated version wiped stored tokens tied to online accounts, preventing users from authenticating them.

[Patrick Schaumont] shows how a TI eZ430 Chronos Watch can be used to generate authentication tokens. After walking through the process he uses it to beef up his gmail login.