Google Auto-Enrolls 150M Users Into Two-Factor Authentication
Google claims it will improve user security.
Years ago, passwords were the only thing protecting user accounts online. When used in combination with a username, passwords alone were trusted to protect almost all user accounts. This over-reliance on a single layer of security led to online user accounts to get hacked easily.
As internet usage increased thanks to smartphones, number of hacks and hacking methods too increased.
Protecting user accounts, their information and private data got challenging. This is when sites came up with something called Two-Factor Authentication (2FA) which is also known as Multi-Factor Authentication.
What is Two-Factor Authentication?
Two-Factor Authentication is a multi-layered security option added to user accounts by many major organizations like Google and Microsoft, among many others.
Basically, when 2FA is enabled, whenever a user tries to enter into their account, depending on their selected option, they get a text message or a notification in an app, with an additional password which one needs to enter after submitting their main password.
This extra layer of added protection ensures that even if someone has gotten their password hacked or leaked or have shared it with someone unknown by mistake, the mischievous person cannot enter your account unless they have active access to the victim’s phone or the device they have selected in their 2FA options.
It is similar to OTP, that is, one-time-password which many banks and financial organizations have implemented. Except, more and more internet giants are implementing similar options to protect their users.
Google and Two-Factor Authentication
Google too offers something similar. It has named its Two-Factor Authentication as 2-Step Verification (2SV). Google allows users to use text, voice call, Google Authenticator mobile app or special 2SV enabled USB drive.
The problem with 2SV is that it’s not enabled by everyone, in spite of being available from years. Google wants to change that.
A month ago, in a blog post titled Making sign-in safer and more convenient, Google announced that it’s going to auto-enroll 150 million Google users into 2SV, in addition to 2 million YouTube creators into the same, in an intent to protect these accounts from hackers online.
Google says for now it’s auto-enrolling only those accounts that “have the proper backup mechanisms in place to make a seamless transition to 2SV”. It likely means those who have added a phone number or other devices as their backups in their Google account.
Now as per 9to5Google these eligible users are now getting emails about their accounts to be enabled with 2SV on 9th of this month itself.
Going forward, as per the official Google support document, Google wants to enable 2SV on almost all Google accounts.
Is Two-Factor Authentication (2FA) or 2-Step Verification Worth It
While some problems do exist with 2FA. Like text message not arriving due to jammed network or unavailability of network, something which can be bypassed with an 2FA app like Google Authenticator which allows generation of 2SV passwords even when not online. Overall, 2FA is extremely worth it. Its benefits hugely outweigh the risks associated with using it.
The problem with passwords are, they are easily stolen. Most people use the same passwords on multiple sites. While major organizations like Google are less likely to leak your password, if your Google password is used on another site with improperly secured account password implication and that site gets hacked, it gets immensely easy for the hacker to gain access to your Google account as well. This alone makes 2FA worth it.
How to enable Google 2-Step Verification
In case you are one of those who haven’t enabled 2SV already on their accounts and haven’t got any email from Google about the same, it’s quite easy to do that.
Just login into your Google account’s security options and enable it.
We recommend using Two-Factor Authentication on all your accounts online whenever available.