google 2fa

On May 6, on the occasion of World Password Day, Google had announced that it will soon start enabling two-step verification (2SV), also known as two-factor authentication (2FA) by default for select users to increase user account security.

In order to celebrate Cybersecurity Awareness Month (October), Google has once again emphasised the need for two-factor authentication to make sign-in safer and more convenient.

The company already provides existing security measures such as Google Password Manager, built directly into Chrome, Android, and the Google App to keep passwords safe across all the sites and apps.

For iOS devices, users can select Chrome to autofill saved passwords in other apps, and very soon users will be able to take advantage of Chrome’s strong password generation feature for any iOS app.

Also, Google plans to roll out a feature in the Google app that allows users to access all of the passwords they have saved in Google Password Manager right from the Google app menu.

Now, in a blog post, the company has announced that Google plans to auto-enroll an additional 150 million Google users and 2 million YouTube creators in to using two-factor authentication for their accounts by the end of 2021.

According to Google, having a second form of authentication dramatically decreases an attacker’s chance of gaining access to an account.

“For years, Google has been at the forefront of innovation in two-step verification (2SV), one of the most reliable ways to prevent unauthorized access to accounts and networks. 2SV is strongest when it combines both “something you know” (like a password) and “something you have” (like your phone or a security key),” AbdelKarim Mardini, Group Product Manager, Chrome and Guemmy Kim, Director, Account Security and Safety wrote in the blog post.

“2SV has been core to Google’s own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove it’s really you trying to sign in. And because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users’ accounts into a more secure state.”

However, they also acknowledged not everyone will be ready for these changes simultaneously.

They further added, “We also recognize that today’s 2SV options aren’t suitable for everyone, so we are working on technologies that provide a convenient, secure authentication experience and reduce the reliance on passwords in the long-term. Right now we are auto-enrolling Google accounts that have the proper backup mechanisms in place to make a seamless transition to 2SV.”

Google also said that they have partnered with organizations to provide free security keys to over 10,000 high-risk users this year. It has also recently launched One Tap and a new family of Identity APIs called Google Identity Services, which uses secure tokens, rather than passwords, to sign users into partner websites and apps, like Reddit and Pinterest.

With the new Google Identity Services, the company has combined Google’s advanced security with easy sign-in to deliver a convenient experience that also keeps users safe. These new services represent the future of authentication and protect against vulnerabilities like click-jacking, pixel tracking, and other web and app-based threats.

“Ultimately, we want all of our users to have an easy, seamless sign-in experience that includes the best security protections across all of their devices and accounts,” the blog post concluded.

In a separate blog post, Google highlighted the details of its Inactive Account Manager, where users can decide when the company should consider users’ account inactive and whether it should delete their data or share it with a trusted contact.

You can read more about Inactive Account Manager here.