Tech giant Google is all set to auto-enroll some 150 million users with two-factor authentication (2fA). Apart from these, two million creators on YouTube will also be signing up into using 2fA by the end of 2021, as per an announcement by the company on Tuesday.
Explaining the move, Guemmy Kim, Director at Google’s Account Security and Safety Team, and Abdel Karim Mardini, a Group Product Manager working on Chrome, said that being simple and easily guessed, passwords aren’t good at protecting accounts.
An Added Layer of Security
What exactly is two-factor authentication, you ask? It is a tool which provides an extra protection on top of passwords. One way in which such security may be provided might be the requirement of a one-time code to process login. This code can be sent to users’ devices through mail or via an app on their phone, or even through a hardware key in their computer.
This allows for users to still remain on top of their login activity even if their password is compromised somehow. If they use two-factor authentication, then even if someone gets privy to their passwords, they would still need one extra thing to break into your account, like a hardware key or an unlocked phone.
Something You Know and Something You Have
In Google’s case, the measure is known as two-step verification, and makes use of a code that is sent either to an app on your phone, or a hardware key on your computer. The code needs to be typed into the device to complete login, and Mardini and Kim say that it combines “something you know (password),” with “something you have (phone/security key).”
Keeping the same in mind, the tech biggie has decided to automatically configure the feature to its users’ accounts, and plans to add 150 million people to the same by the end of this year. Additionally, 2 million YouTube creators will be required to turn the tool on of their own accord.
The verification tool has been around for over a decade, but people haven’t been giving it much thought. Back in 2018, less than 10 percent of Google users had been using the feature, according to software engineer Grzegorz Milka. At that time, it was said that the company doesn’t want to “force” 2SV upon its users.
But it seems that the situation has changed now, with Google making the verification mandatory. At the same time, it notes that since not all its users are tech-savvy enough to deal with the tool, it is still being selective in which accounts it enrolls in the programme. Aiming at providing a secure and convenient method to users for protecting their accounts, Mardini and Kim assert that they are auto-enrolling 2SV only to those accounts that have a proper backup mechanism.
Source: The A Register