Google will soon enforce the use of two-step verification for Google accounts

[mood]

Google will soon enforce the use of two-step verification for Google accounts
 

Two-factor authentication, or as Google calls it two-step verification, is a popular security feature that adds another layer of security to the authentication process. Users who have configured two-factor authentication use a secondary authentication option, such as a code that is sent via SMS to a linked mobile device or an authentication app, to sign-in to their account.

 

Google customers may configure two-step verification to protect their accounts with that second security layer. Many of you have probably configured the feature already for their accounts.

 

Google announced this week that it will soon enforce the use of two-step verification for Google accounts. The company wants to enroll its customers automatically, provided that the account is configured properly.

 

Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured.

 

Google's Security Checkup online tool allows users to check whether two-factor authentication can be enabled for the account and to find out which information is missing to enable the feature.

 

 

The following options are available when it comes to protecting Google accounts with two-step verification:

• Google Prompts: on Android if signed-in with the same Google Account, on iPhones, with Google's Smart Lock app, Gmail or Google app, and being signed-in to the same account.
• Security keys: physical security keys, e.g. a Yubikey.
• Authenticator app: use of Google Authenticator or another authentication app that generates one-time security codes on demand.
• Text message or call: if a mobile phone number has been added to the account.
• Backup codes: created during setup.

 

Google does not mention specifically which of its customers it is going to push into using two-step verification. Any customer who has added a mobile phone number to the account or is using the same Google account on an Android device or certain Google apps on iOS, could theoretically be a targeted for the enrollment.

 

 

Source: Google will soon enforce the use of two-step verification for Google accounts

[Karlston]

Google wants people to use 2FA, so it’s just going to turn it on for them

Non-tech-savvy users always use the defaults, and the default will soon be 2FA.

Enlarge

Getty Images

Enabling two-factor authentication (2FA) on a Google account requires someone who is proactive about account security. Users have to log in, dig through the settings, and tick the right boxes. Of the billions of Google accounts out there, the uptake on 2FA is probably not that high, and Google is tired of it.

 

Yesterday, for "World Password Day," Google announced a very bold move for account security. "Soon," the company says, it will start "automatically enrolling" users in 2FA, provided their accounts are appropriately configured. Google doesn't go into detail about what "appropriately configured" means, but it sounds like anyone who can have 2FA enabled will have 2FA enabled soon. Google's preferred 2FA method is the "Google Prompt," a notification Google pushes to your phone when you're attempting to sign in. Rather than requiring you to type in a clunky code, the Google Prompt provides a simple "yes/no" check, making 2FA easier than ever.

 

On Android, Google Prompt is a full-screen pop-up built into every device as part of Google Play Services, so that's easy. On iOS, Google Prompt requests for your account can be received by the Google Search app, the Gmail app, or the dedicated Google Smart Lock app. It sounds like everyone meeting these requirements will soon be enrolled in 2FA.

 

Most users stick with the default settings, and soon, the default setting for 2FA will be automatic enrollment. Non-tech-savvy users are the most likely to have not enabled 2FA on their accounts, so hopefully, they'll still be able to figure out how to log in when the process suddenly changes. Google could also potentially lock someone out of an account if the company automatically enrolls a user in 2FA and the user's device setup can't actually support it. Hopefully, the first attempt includes some kind of wiggle room or consent.

 

 

Google wants people to use 2FA, so it’s just going to turn it on for them