The days of stolen passwords and hacked accounts may be over.
May 6 was World Password Day, and what better way to celebrate it than to make accounts more secure? At least, that is how Google sees it: the company announced in a blog post that passwords alone were not enough to secure user accounts and data, and that it plans to automatically enroll users with “appropriately configured” Google accounts in two-factor authentication (2FA).
In a nutshell, enabling two-factor authentication means that there can be no unauthorized access to your account.
Two-factor authentication (or two-step verification, as it is more popularly known) is a minimum requirement for staying safer online, since passwords are susceptible to being stolen and misused. Google said that it would prompt pretty much all users to turn on two-factor authentication, and will ask people already enrolled to confirm they are who they say they are with a simple tap via a Google prompt on their phone whenever they sign in.
According to Mark Risher, Google’s Director of Product Management, Identity and User Security, the company was starting with users for whom it would be the least disruptive change and planned to expand from there based on results. Their ultimate goal was to get everyone into a more protected and secure state by default since passwords were “the single biggest threat to your online security—they’re easy to steal, they’re hard to remember, and managing them is tedious.”
Once two-factor authentication is enabled, users will receive a prompt to verify that an attempted login with their Google account is legitimate. “Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone,” Risher said. He added that users would also have the option to disable the feature.
Risher said that the company has already “begun automatically enrolling a small user group, we will be expanding that pool over the coming months.”
“For nearly all people/threat models, this is really great,” Eva Galperin, the director of cybersecurity at the Electronic Frontier Foundation, said.
Additionally, Google recommended the use of a password manager to help create unique, complicated passwords for many different logins as an additional safety measure. One fatal flaw of passwords is that they are often too obvious or common (in fact, 66% of Americans admit to using the same password across multiple sites), and a password manager may help rectify that issue. Google has a Password Manager built into Chrome, Android, and iOS, with a Password Checkup feature to check for compromised credentials from past hacks and an import feature that allows people to upload up to 1,000 logins at a time from third-party services. Google said that searches for “how strong is my password” increased by 300% in 2020, highlighting how important online security is for users.
Google has been a strong advocate for a future “where one day you won’t need a password at all,” and this announcement is a big step in that direction.