Google Plans to Automatically Enroll Users In Two-Factor Authentication Soon

Gif: Google

Security experts have been banging the drum about password managers and enabling two-factor authentication for what seems like an eternity. Probably because year after year, hordes of you keep using “123456" and “password” to secure your shit online. Well, Google’s not having it anymore. So long as you provide a secondary email or phone number, the company will soon start automatically enabling 2FA on your Google Accounts.

Advertisement

The change isn’t so much an announcement, as it is a little tidbit included in an official Google blog on password security published today for World Password Day. According to Google, searches for “how strong is my password” shot up by 300% in 2020. But even if everyone used long, complicated passwords, Google says that’s not good enough, as it can encourage people to use that same, complicated-but-secure password across multiple accounts. The goal is to do away with passwords altogether.

“Soon we’ll start automatically enrolling users in 2SV [two-step verification] if their accounts are appropriately configured,” writes Mark Risher, Google’s director of product management, identity, and user security. “Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone.” Risher then pointed to Android’s built-in security keys and the Google Smart Lock app for iOS password managers as other examples of efforts to make 2FA less cumbersome. He also highlighted Chrome’s built-in password manager, as well as the recently launched Password Import feature, which lets you upload 1,000 passwords from third-party sites into Google’s password manager for free.

Google already has 2FA as an option, but it’s not mandatory. You may have also noticed recently that starting last summer, logging into your Gmail might require you to tap a Google prompt from your phone. As to what Risher means by “appropriately configured” accounts, it basically refers to whether you’ve supplied Google with recovery information—a secondary email, phone number, an authenticator app, etc. You can check by heading to Google’s Security Checkup page.

Other than saying this would happen “soon”, Google hasn’t given a timeline for when automatic enrollment will begin or if there’ll be an official announcement when rollout starts. But you really don’t have to wait for Google to do it for you. Please, for the love of tech bloggers everywhere, enable 2FA so we don’t have to keep writing blogs reminding you why it’s a good idea to enable 2FA.

Consumer tech reporter by day, danger noodle by night. No, I'm not the K-Pop star.

DISCUSSION

f-d-bryantiii
F. D. Bryant III

Ugggg.....as much as I support the idea of 2FA or 2VS this is just going to make my life more difficult. For one thing I support a number of family member accounts and it is often easier for me to be able access their account directly without their intervention.

Secondly, I don’t push 2FA/2SV on members of my family because they can barely manage their passwords as is (I can’t count the number of times I find out a password has been changed because they had to password reset cause they couldn’t get the password correct).

Third I’m going to be the one getting the bitching and the complaints just because it has been changed (and that is assuming it works correctly).

I understand the whys for this but honestly I think this is just going to cause more trouble than it is actually worth compared to the actual risk.  I predict Google is going to get a lot of locked out accounts from this (but what do they care their customer service is nonexistent anyway).