Google wants every account to use 2FA, starts auto-enrolling users

Google announced earlier this year that it is planning to forcefully transition as many of its users as possible to two-factor authentication (2FA). The company elaborated further in October, saying it was planning to auto-enroll 150 million Google accounts in 2FA by the end of the year. Now, with just two months left in the year, Android Police has found a few reports showing that the process has started, with some users finally being auto-enrolled in 2FA.

Two-factor authentication—which Google calls "two-step verification" or "2SV" for some reason—requires you to use something in addition to your password to log in to an account. Usually, this "something" is a code or confirmation prompt from a smartphone. You can also use a physical security key, like a USB stick. A username and password won't be good enough anymore.

Google's support page details the auto-enrollment process. The company says accounts that have been flagged for 2FA will get an email or notification about seven days before the requirement is enforced. Organizations with paid Google Workspace accounts won't be forced into 2FA; that's something for admins to decide. YouTube made 2FA a requirement for all "partner"-level creators (YouTubers with revenue sharing) on November 1. The bottom of the support page says that for now, Google will let people auto-enrolled in 2FA shut it off, but that "soon, 2-Step Verification will be required for most Google Accounts."

Google has way more than 150 million user accounts, but it says it is only "auto-enrolling Google accounts that have the proper backup mechanisms in place to make a seamless transition to 2SV." Those backup requirements include a recovery phone number that can receive SMS codes or a recovery email.

For Google accounts, a valid 2FA method is built into every Android phone via the "Google Prompt" feature in Google Play Services, which pops up an easy "yes" or "no" prompt when you log in to a new device, saving you the hassle of typing in a code. On iOS, Google Prompt requests for your account can be received by the Google Search app, the Gmail app, or the dedicated Google Smart Lock app. A security key is also an option.