Google automatically enrolled more than 150 million users in two-step verification in October. When you sign into a Google account on a new device, an alert will appear to confirm the login using another device that is already logged in, such as a computer or smartphone.
Google has reported a 50% decrease in hijacked accounts since enabling this.
The strategy demonstrates the capacity of a digital giant like Google to provide security by default and fits within a years-long drive to move consumers toward a more robust security model - eventually aiming for a world without passwords.
Two-factor authentication (2FA) or two-step verification (2SV), as Google refers to it, is a vital component of this method, as it dramatically improves account security by requiring a tangible item such as a security key or a phone to receive codes through app or SMS. Historically, though, the issue has been one of adoption.
In 2018, a Google engineer discovered that more than 90% of active Gmail accounts were not using two-factor authentication, raising questions about why the company didn't make the process necessary. Since then, the firm has been working to make 2SV the default option for a larger number of users, as well as a need for some.
The company did not specify how quickly it expected 2FA to spread, but it did commit to continue the rollout until 2022. So far, over 150 million users have been auto-enrolled, including over 2 million YouTube creators.
In addition, the business announced more security updates to commemorate Safer Internet Day. Google will allow users to opt-in to an account-level safe browsing option that will prevent you from visiting known hazardous sites beginning in March. Google Assistant's privacy-conscious Guest Mode will also be expanded to nine new languages in the coming months, and the company has committed to beef up security for lawmakers ahead of the U.S. midterm elections.
The lower number of account breaches isn't surprising; making it harder to break into an account deters some would-be attackers. However, demonstrating the actual benefit of 2FA on security hasn't always been easy, and the sheer size of Google's user base provides a representative sample that others can't easily match.
Despite the fact that the number of web services that support two-factor authentication has steadily increased, consumer adoption remains low. Twitter, which introduced two-factor authentication in 2013, estimated that only 2.3% of active accounts had activated it by 2020, whereas Facebook's adoption rate was over 4% in 2021.
