Google’s goal of organizing all of the world’s information has, for better or worse, meant that it also possesses those pieces of information, especially the data of millions of people around the world. That makes it one of if not the biggest targets of hackers, and it has worked hard on making its security bulletproof. Unfortunately, the weakest links in that security chain are, in fact, those same Google users that the company has been trying to protect. Stepping up those efforts, Google is announcing that it will turn on 2SV, sometimes called 2FA, for millions of users, whether they like it or not.
Two-step verification (2SV) or two-factor authentication (2FA) has become the most common security measure that’s being pushed to supplement rather than replace passwords. It combines the password (something you know) with some other element (something you have), often a smartphone that has an authenticator app installed or can at least receive a one-time PIN (OTP). This has become the first line of defense in light of weak passwords, but, unfortunately, many people still find it inconvenient.
Google has been trying to convince people to enable 2SV for their Google accounts, but it seems that the company will now take matters into its own hand. It has already started automatically configuring some accounts to use 2SV and will require YouTube creators to do likewise. Its most daring move, however, will be to auto-enroll 150 million Google accounts into this 2SV system before 2021 ends.
That’s not to say Google will do so blindly, as not all accounts are actually eligible to use 2SV anyway. It will only enable it for those accounts with proper backup mechanisms, it says, quite possibly those that have a phone number associated with their Google accounts. Users are free to disable 2SV, of course, though that might not be advisable from a security standpoint.
Google does acknowledge that its current 2SV options might not be applicable in all scenarios and says that it is working on alternatives. Android phones, for example, now also function as security keys, where one-tap authentication methods can be used when signing into some accounts.