In a bid to warm up users to stronger security, Google is auto-enrolling select members of its user base for two-factor authentication, the company has announced.
In a blog post published Tuesday, the search giant provides several updates on password security, acknowledging that “managing a set of strong passwords isn’t always convenient, which leads many people to look for shortcuts (i.e. dog’s name + birthday) or to neglect password best practices altogether, which opens them up to online risks.”
Among these updates is Google‘s rather unceremonious announcement that it will begin enrolling millions for two-factor authentication to strengthen accounts against malicious activity.
Google calls it two-step verification, abbreviated as 2SV, and notes that “a second form of authentication dramatically decreases an attacker’s chance of gaining access to an account.”
While the company has been advocating for multi-factor authentication for a decade, throngs of its customers are still on the sidelines. That starts to change this year, with Google switching 2SV on by default for an additional 150 million users, plus 2 million YouTubers.
“For years, Google has been at the forefront of innovation in two-step verification (2SV), one of the most reliable ways to prevent unauthorized access to accounts and networks. 2SV is strongest when it combines both “something you know” (like a password) and “something you have” (like your phone or a security key),” reads the announcement.
“2SV has been core to Google’s own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove it’s really you trying to sign in. And because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users’ accounts into a more secure state. By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require 2 million YouTube creators to turn it on,” Google’s AbdelKarim Mardini and Guemmy Kim write.
Not wanting to upset users who prefer to make 2SV their decision, the company is only auto-enrolling users who “have the proper backup mechanisms in place to make a seamless transition to 2SV.” Users who want to check if they have the right settings in place are encouraged to take a Security Checkup.