Google to auto-enroll more users in two-factor authentication, citing reduction in hacks

If you still don’t have two-factor authentication on your Google Account, don’t be surprised if the company requires you to adopt it.

Google saw a significant reduction in password-based account hijacking when it automatically enrolled 150 million users in two-step verification (2SV), so it now plans to auto-enroll even more accounts. “In 2022, we will continue to expand our 2SV auto enrollment, making signing even easier,” the company wrote in a blog post.

Google didn’t say which users would get the two-factor push, but after it expanded 2SV adoption to 150 million users, “we’ve seen a 50% reduction in accounts that are compromised compared to accounts that don’t have access.” are not nominated,” the company said.

Two-factor authentication adds an extra step to the login process. This means that if a hacker gets hold of your password, it will not be enough to break into your account. Instead, under many two-factor authentication processes, the hacker would also need access to your smartphone.

Google did not say whether the company’s 2SV system was thwarting all hijacking attempts. But the company said the 50% reduction in hijacking “shows how effective another form of verification can be in protecting your data and personal information.”

Indeed, security experts in general recommend that every user should activate two-factor authentication on their most important accounts. But that said, security protection isn’t always convenient or flawless, especially SMS-based two-factor authentication.

In the case of Google, the company is trying to facilitate two-factor authentication by issuing a login prompt to the account holder’s smartphone after the correct password is successfully entered. Tapping on the word “Yes” at the prompt will complete the login process.

Google continued: “We are actively working on technologies that provide a secure, seamless sign-in experience and eliminate reliance on passwords – as passwords are often involved in data breaches, phishing attempts It’s hard to remember, and constantly hurts to update.” (For example, the company already allows users to secure their accounts with a hardware-based security key.)

If you’re not a fan of 2SV auto-enrollment, you’ll be able to opt out. “Users who are automatically enrolled will receive a notice 7 days prior to the day they are automatically enrolled,” Gummi Kim, director of product management at Google, told us. “At this stage, users can opt out if they wish. However, we encourage everyone to learn more about 2SV and how important it is in helping protect our accounts, especially when it comes to password hacking.” become more sensitive.”

Kim also indicated that 2SV will only be rolled out to users who have a recovery email and a phone number registered with their accounts. “We have already enrolled users that we consider to be early adopters and whose accounts were 2SV ready,” he said, adding: “There is a lot of education that needs to happen with 2SV and we want that to happen. Users understand what it is and why it is beneficial.”

Leave a Reply

Your email address will not be published. Required fields are marked *