Google will automatically enable two-factor authentication for 150 million users by this...


Posts: 1,026   +171
Staff member
Why it matters: Passwords have long been understood to be insufficient at protecting a user's online presence, which is why additional tools such as password managers and mechanisms like 2FA have been made available for years. In an effort to promote better security practices, Google says it will require 2 million YouTube creators to enable two-step verification and plans to auto-enroll 150 million user accounts by the end of 2021.

Google says it checks the security of 1 billion passwords daily to protect users against hackers. Still, a bit of social engineering and reusing the same password across multiple websites do their part in making a hacker’s job slightly easier, not to mention the atrocious choice of passwords themselves.

Microsoft recently addressed this problem by allowing users to go passwordless with their accounts, and now Google is ramping up the security of its users by auto-enrolling 150 million of them into its two-step verification (2SV) process. 2SV has long remained an additional security measure for protecting Google accounts, and the company announced a while back that it plans to make it the default option for properly configured accounts.

The decision to auto-enroll 150 million accounts appears to be another step in that direction. Moreover, Google will also require 2 million YouTube creators' accounts to enable 2SV by this year’s end.

The company said that it’s also working on technologies that reduce user reliance on passwords, like the recently introduced Google Identity Services API that replaces passwords with secure tokens for authenticating users across sites and services.

Permalink to story.



Posts: 2,256   +4,392
Friendly tip: grab an older, out of use phone or tablet you might have lying around and repurpose it as your 2 factor device/key. I notice that I am the exception among almost everyone I know in which I am able to keep my phones for 3 or 4 years at least while most people lose them, break them, have them stolen, etc. And this will undoubtedly cause a great deal of stress to most people.


Posts: 1,320   +2,149
2FA is problematic if your phone is not available. You need to keep codes somewhere to be able to enter your accounts. Really, I don't want that crap on me. I set up a long complex password with uppercase, lowercase, numbers and symbols and it should be enough. 2FA is relevant only for people using simplistic password (e.g. 123456 :( )


Posts: 229   +125
For more security they can just increase the minimum password length to 13 chars like the 13 from article 13. :innocent:


Posts: 125   +73
Here's my 2FA take - if it is your phone, you have just given away the keys to your life. Now Google & pals can even more effectively 'target' you with ads.

For those accounts that are important to you, if allowed use another email account. I have a dummy account at gmail just for that purpose