Google has confirmed that it will soon enroll all its users into the Two-Factor-Authentication or 2FA for added security. The search giant indicates an exponential surge for “how strong is my password” was one of the reasons behind the mandatory inclusion of users into multi-factor authentication.
Two-Step-Verification (2SV), a rather simple but additional sign-in process, will soon become a compulsory security feature for users of Google services. The company chose World Password Day to officially confirm the same through a blog post.
— Encompass Innovate (@encompassin) May 6, 2021
Two-Step Verification using integrated security keys will soon become mandatory for all Google services:
Google has announced that it will “soon” begin enrolling users into its new two-step verification process. The inclusion is mandatory and the process is automatic.
Simply put, users will soon have to tap a Google prompt on their smartphone whenever they sign in to a Google service. “Appropriately configured” accounts will be part of the first phase of deployment, indicated Mark Risher, Google’s director of product management, identity, and user security:
“Soon we’ll start automatically enrolling users in 2SV [two-step verification] if their accounts are appropriately configured. Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone.”
Google Will Automatically Enroll Users in Two-Factor Authentication Soon
— Marsha Collier (@MarshaCollier) May 6, 2021
Google hasn’t indicated what “appropriately configured” means. However, the company has pointed out that the majority of modern-day Android smartphones feature Google’s security keys.
What this essentially means is that users will soon and automatically start receiving security prompts without installing a secondary app. Apple iPhone owners, however, will need to install the Google Smart Lock app.
#Google is going to enroll people in two-factor authentication by default, today the company wrote in a blog post.https://t.co/P1tWmzjm8s
—#Wordpress #WooCommerce #SSO #SingleSignOn #MFA #2FA #KBA #KYC #CCPA #GDPR #Ecommerce #OnlineShop #OnlineShops #OnlineStores #Konfirmi
— Konfirmi (@Konfirmi) May 6, 2021
The service is available on Chrome-based browsers, Android, and iOS. Incidentally, Chrome has a built-in password manager, and the company recently launched the Password Import feature. The new feature allows users to upload 1,000 passwords from third-party sites into Google’s password manager for free.
Strong passwords are weak if people keep using them everywhere:
Poor password hygiene has been one of the major concerns and weak points for security services. Passwords such as “123456″ and “password” still rank one of the highest. Needless to mention, compromised accounts can become launch pads for many more security breaches.
Google indicates using long and complicated passwords too is not effective anymore. Traditionally, companies have advised internet users to create passwords that include a combination of capital letters, numbers, and symbols.
Google really wants you to stop relying on your password alone to protect yourself. https://t.co/dfmaoay0rT
— Motherboard (@motherboard) May 6, 2021
While users tend to create complex passwords, they often use the same password across multiple accounts and services. Hence, it seems Google wants to do away with passwords altogether.
Incidentally, Google already has 2FA as an option, but it’s not mandatory. Moving ahead, this should change.
Some security experts are concerned that senior citizens and people with no access to a smartphone, might face difficulties while logging into their accounts. However, a secondary email, phone number, an authenticator app, etc. could help people trying to log into their accounts. Details are available on Google’s Security Checkup page.