After accelerating its efforts to auto-enroll as many accounts as possible in two-factor authentication (2FA), Google announced that an additional 150 million users now have 2FA enabled.
Google first announced that it strives to push all its users to start using 2FA (or two-step verification as Google calls it) in May 2021, as part of a broader move to secure as many accounts as possible from attacks that use compromised credentials or guess passwords to hijack accounts.
Months later, in October, Google also said that it plans to enforce 2FA for at least 150 million users by the end of the year.
This action is meant to increase Google user accounts’ security by removing the single biggest threat making them easy to hack: passwords that are challenging to remember and, even worse, easy to steal in phishing attacks and via data breaches.
“Since last year’s initiative, we’ve successfully auto-enabled 2SV for over 150 million people, while also requiring 2 million of our YouTube creators to enable it,” said Guemmy Kim, Google’s Director for Account Security and Safety.
“As a result of this effort, we have seen a 50% decrease in accounts being compromised compared to those not enrolled.
“Turn on 2SV (or we will!), as it makes all the difference in the event your password is compromised. Don’t just take our word for it; many in the private and public sectors are also rallying behind 2SV.”
Enroll your device and use it as a security key
Google says that additional accounts will be enrolled in 2FA only if they have the “proper backup mechanisms” in place for the transition.
To check if your account has the correct 2FA settings enabled, you can take a Security Checkup, which will explain your available options and help you set up your account for recovery.
If you want to enroll in 2FA right now, you can go here and click the “Get Started” button to add an extra layer of security for your Google account.
In January 2020, Google announced that iPhones running iOS 10 and later could finally be used as security keys to verify sign-ins on Chrome OS, iOS, macOS, and Windows 10 devices without requiring pairing.
Previously, the company also made using Android phones’ built-in security keys generally available on Android 7.0+ (Nougat) devices and made it possible for iOS users to verify sign-ins into Google and Google Cloud services using Android phones set up as security keys.
More information on how you can set up your phone as a Google account security key can be found here.
Why is multi-factor authentication important?
In August, the US Cybersecurity and Infrastructure Security Agency (CISA) advised enabling MFA after adding single-factor authentication (SFA) to its very short list of cybersecurity bad practices.
Enabling multi-factor authentication (MFA) makes it a lot harder or even impossible for the vast majority of threat actors to pull off a successful attack and hijack your account.
For instance, a joint study by Google, New York University, and University of California San Diego found that MFA can thwart up to 100% of attacks coming from automated bots, 99% of bulk phishing attacks, and around 66% of targeted attacks.
Microsoft Director of Identity Security Alex Weinert also said that “your account is more than 99.9% less likely to be compromised if you use MFA.”