Google plans to enable two-factor authentication by default, automatically pushing users to safer security settings given the risks of relying solely on a password to protect your account. Currently, the system – also known as 2FA, two-step verification, or 2SV – is optional for Google accounts, though recommended.
It works, as the name suggests, by adding a second layer of security to your existing password. While that’s still required, along with your account username, Google also requires a second step: there, you have several options.
One – though generally not recommended – is to receive an SMS code to your cellphone, which you enter. Safer is using an authenticator app which generates such six-digit codes periodically, and which you have to enter within a time limit before they expire. More recently, Google has added the ability to tap a confirmation link on your smartphone when you’re trying to log in from a different device.
For those who want even more security, there’s the option to use a security key, a dedicated piece of hardware that must be present in order for the account to be accessible. Security keys can also be built into Android devices, too, while the Google Smart Lock app for iOS does similar for those using Apple’s iPhone.
Of course, all the 2FA options in the world are no use if you don’t switch the system on to begin with. Even if people aren’t sure whether their passwords are strong enough, it’s common that they don’t necessarily know that two-step verification is even an option for them.
“Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured,” Mark Risher, Director of Product Management, Identify and User Security at Google said today.
To see if your account is ready, Google’s Security Checkup will run through any issues. It’s generally a good idea for Google users to keep an eye on that interface on a regular basis anyway. Google is also using it to monitor potentially compromised passwords – and makes it easier to update any that could be affected – together with signing you out of devices you may no longer use or own, like old smartphones, PCs or Macs, or tablets.