Google will auto-enrol 150 million users in 2FA by end of 2021

An additional two million YouTube creators will also be required to switch it on the 2SV feature by the end of the year

Google has announced plans to automatically enrol an additional 150 million users in two-factor authentication (2FA) by the end of 2021.

Known as two-step verification (2SV), the security feature combines the use of a password with a mobile device or a security key in order to diminish the chances of unauthorised access to accounts and networks. For instance, users signing in to their Gmail account, particularly when using a new computer for the first time, are asked to tap a prompt on their smartphone to authorise the login.

In a blog post published on Tuesday, the tech giant stated that enabling security protections by default is “the best way to keep [their] users safe”, which is why it's moving to ensure that more accounts have the 2SV feature switched on:

“By the end of 2021, we plan to auto-enrol an additional 150 million Google users in 2SV,” it announced, adding that an additional two million YouTube creators will be required to turn the feature on by the end of the year.

The tech giant acknowledged that not everyone has access to a smartphone or a security key, noting that it is “working on technologies that provide a convenient, secure authentication experience and reduce the reliance on passwords in the long-term”.

“We know security keys provide the highest degree of sign-in security possible, that’s why we've partnered with organisations to provide free security keys to over 10,000 high-risk users this year,” it stated.

Google said that users will be able to benefit from built-in security key capabilities in Android phones as well as its Google Smart Lock app for iOS, adding that its 2SV technology is automatically supported by “two billion devices around the world”.

In a Twitter post, Google product manager Sriram Karra said that today’s announcement “is just the beginning”. 

“The 150m 2SV user count is staggering already if you look at it in the broader industry context. For e.g. Twitter recently announced ~2.5% of its ~350m active users have 2SV - that's ~9m user accounts,” he stated.

Related Resource

How to secure workloads in hybrid clouds

Cloud workload protection

Whitepaper front coverFree download

Companies across the tech industry have been working to strengthen account security and minimise users' reliance on passwords. In June, Twitter announced that its users would be able to use a security key as their only 2FA method, while in September, Corporate VP of Microsoft Security, Compliance and Identity, Vasu Jakkal, stated that customers “can now completely remove the password from [the] Microsoft account”.

However, 2FA has also been the target of cyber criminals. Earlier this week, Coinbase sent out letters to 6,000 customers informing them that hackers managed to exploit “a flaw in Coinbase’s SMS Account Recovery process in order to receive an SMS two-factor (2FA) authentication token”.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Most Popular

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021