谷歌是如何识别＆QUOT;可信设备和QUOT;与两步骤验证 [英] How does google recognize a "trusted device" with 2-step verification

问题描述

假设你已经注册了您的设备符合谷歌两步验证，它使用什么信息，以验证您是该设备上，当你回来的网站？

Assuming you have registered your device with Google 2-step Verification, what information does it use to verify that you are on that device when you come back to the website?

它是否存储在计算机上的东西（如饼干），或者它使用一些其他的算法来确定你在哪里登陆？

Does it store something on your computer (like a cookie), or does it use some other algorithm to determine where you are logging in from?

推荐答案

它存储的有关与服务器您的通话信息的各种位。 SSL Cookie，会话数据，如您的IP地址以及您的浏览器的其他信息。当您更改这些信息，进行风险评估值从原先已知值的变化随着偏差。一旦该值达到一定的阈值，根据贵国的在线风险状况，设置关闭该无效会话一连串的事件。

It stores various bits of information about your conversation with the server. SSL cookies, session data such as your IP address and other information about your browser. As you change this information, a risk assessment value is increased as deviation from the originally known values changes. Once this value reaches a certain threshold, based on your country's online risk profile, that sets off a chain of events that invalidates your session.

当会话失效，需要重新登录项。
它比饼干更复杂，但它涉及饼干了。

When your session is invalidated, you need to log-in again. It's more complicated than a cookie, but it involves cookies too.

有很多在安全界争论其是否重要补充保护端点之外和饼干验证和当它成为一个滋扰到最终用户。

There is a lot of debate in the security community as to whether it matters to add protection beyond endpoint and cookie verification and when it becomes a nuisance to the end user.

这篇关于谷歌是如何识别＆QUOT;可信设备和QUOT;与两步骤验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！