Google has set a deadline for when everyone will be automatically enrolled in two-factor authentication

by -
Photo: Victoria Song/Gizmodo – More than 150 million Google users will be affected by the change. Google casually mentioned in a password security blog earlier in May that it planned to automatically enable 2FA on Google Accounts. Google gave no indication of what that timeframe might look like at the time, other than “soon.” However, Google now claims that the process is already underway in a blog post for Cybersecurity Awareness Month.

The blog post provides a wide summary of Google’s numerous efforts to make sign-ins more secure. Two-step verification, Google’s built-in Password Manager, the Google Smart Lock software, and Google Identity Services are among the solutions mentioned (2SV). You may have noticed that Google Prompts has been activated as the primary 2SV mechanism on all eligible phones since last summer. When you enter into your Google account, Google Prompt asks you to verify your identity by following a prompt on your smartphone.

“And, because we know that turning on our security safeguards by default is the best approach to keep our users safe,” Google says, “we have started to automatically set our users’ accounts into a more secure state.” “By the end of 2021, we intend to automatically enroll an additional 150 million Google users in 2SV, and 2 million YouTube producers will be required to turn it on.” (YouTube creators have until November 1st to submit their work.)

For the time being, Google is only enrolling accounts that have adequate backup in place. In a nutshell, this refers to accounts that have provided Google with recovery information such as a phone number, authenticator app, or alternative email address. By visiting Google’s Security Checkup website, you can see if you fall into that group.

In general, you should be utilizing 2FA or 2SV on all of your accounts, especially those that hold critical information. Because passwords are intrinsically poor security mechanisms—the best ones are the ones you can’t possibly remember—people are more likely to reuse them.

As a result, we’re starting to see IT businesses abandon them in favor of alternate authentication techniques such as multi-factor authentication. Google has previously said that it is moving toward a password-free future, while Microsoft announced last month that users will no longer be required to use passwords to access their Microsoft accounts. Apple also mentioned at WWDC 2021 that it was working on a “Passkeys in iCloud Keychain” functionality that will replace passwords with TouchID or Face ID.