Google’s about to push everyone into two-factor authentication
“Passwords are the single biggest threat to your online security,” the company says
Passwords are notoriously easy to crack, steal or otherwise compromise. In today’s era of highly advanced hackers, they’re pretty dated as a security measure.
That’s why Google is moving beyond passwords. It’s about to start automatically enrolling Gmail and Google account users into two-factor authentication (2FA).
“You may not realize it, but passwords are the single biggest threat to your online security -- they’re easy to steal, they’re hard to remember, and managing them is tedious,” Mark Risher, Google’s product management director for identity and user security, wrote in a blog post on Thursday, which is World Password Day.
“Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured. (You can check the status of your account in our Security Checkup),” he wrote.
So what does Google mean when it refers to your Google account being “appropriately configured” for 2FA? A Google product manager told PCWorld it means users already have recovery information on their accounts, like a phone number or a secondary email.
Cost of a data breach report 2020
Find out what factors help mitigate breach costsDownload now
Two-factor authentication is one of the simplest but most effective security steps that businesses and individuals can take. Also known as multi-factor authentication (MFA) or two-step verification, 2FA is a fairly straightforward process of confirming your identity twice before gaining access to an account or service.
Google already prompts users who are opening new Gmail accounts to enroll in two-factor authentication. The difference is, Google will now automatically enroll users into it.
Although some reports claim Google is making 2FA mandatory, a Google spokesperson told Mashable that users would be able to opt out if they want to.
So far, Google isn’t mentioning a specific timeline for this change, other than Risher writing that it’ll happen “soon.”
Implementing 2FA can go some way toward adding an extra barrier of entry for yourself and any third party attempting to access your account. While security questions seeking personal details, like the name of your first family pet or mother’s maiden name, may help shield user accounts, savvy hackers can easily figure these out, often by rummaging through social media accounts.
Adding the second authentication factor, whether by delivering a code by text message or email or using an authenticator app, adds a more robust protective layer. While it may seem arduous to jump through this hoop time and time again, the benefits of having these hoops in place are untold.
Join the 90% of enterprises accelerating to the cloud
Business transformation through digital modernisationFree Download
Delivering on demand: Momentum builds toward flexible IT
A modern digital workplace strategyFree download
Modernise the workforce experience
Actionable insights and an optimised experience for both IT and end usersFree Download
The digital workplace roadmap
A leader's guide to strategy and successFree Download