On May 6, on the occasion of World Password Day, Google had announced that it will soon start enabling two-step verification (2SV), also known as two-factor authentication (2FA) by default for select users to increase user account security.
In order to celebrate Cybersecurity Awareness Month (October), Google has once again emphasised the need for two-factor authentication to make sign-in safer and more convenient.
The company already provides existing security measures such as Google Password Manager, built directly into Chrome, Android, and the Google App to keep passwords safe across all the sites and apps.
For iOS devices, users can select Chrome toย autofill saved passwords in other apps, and very soon users will be able to take advantage of Chromeโs strong password generation feature for any iOS app.
Also, Google plans to roll out a feature in the Google app that allows users to access all of the passwords they have saved in Google Password Manager right from the Google app menu.
Now, in a blog post, the company has announced that Google plans to auto-enroll an additional 150 million Google users and 2 million YouTube creators in to using two-factor authentication for their accounts by the end of 2021.
According to Google, having a second form of authentication dramatically decreases an attackerโs chance of gaining access to an account.
โFor years, Google has been at the forefront of innovation in two-step verification (2SV), one of the most reliable ways to prevent unauthorized access to accounts and networks. 2SV is strongest when it combines both “something you know” (like a password) and “something you have” (like your phone or a security key),โ AbdelKarim Mardini, Group Product Manager, Chrome and Guemmy Kim, Director, Account Security and Safety wrote in the blog post.
โ2SV has been core to Googleโs own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove itโs really you trying to sign in. And because we know the best way to keep our users safe is to turn on our security protections by default, we have started toย automatically configure our usersโ accounts into a more secure state.โ
However, they also acknowledged not everyone will be ready for these changes simultaneously.
They further added, โWe also recognize that todayโs 2SV options arenโt suitable for everyone, so we are working on technologies that provide a convenient, secure authentication experience and reduce the reliance on passwords in the long-term. Right now we are auto-enrolling Google accounts that have the proper backup mechanisms in place to make a seamless transition to 2SV.โ
Google also said that they have partnered with organizations to provide free security keys to over 10,000 high-risk users this year. It has also recently launched One Tap and a new family of Identity APIs called Google Identity Services, which uses secure tokens, rather than passwords, to sign users into partner websites and apps, like Reddit andย Pinterest.
With the new Google Identity Services, the company has combined Google’s advanced security with easy sign-in to deliver a convenient experience that also keeps users safe. These new services represent the future of authentication and protect against vulnerabilities like click-jacking, pixel tracking, and other web and app-based threats.
โUltimately, we want all of our users to have an easy, seamless sign-in experience that includes the best security protections across all of their devices and accounts,โ the blog post concluded.
In a separate blog post, Google highlighted the details of its Inactive Account Manager, where users can decide when the company should consider users’ account inactive and whether it should delete their data or share it with a trusted contact.
You can read more about Inactive Account Manager here.