Google to turn on 2-factor authentication by default for 150 million users

Cyber Security

Google has announced plans to automatically enroll about 150 million users into its two-factor authentication scheme by the end of the year as part of its ongoing efforts to prevent unauthorized access to accounts and improve security.

In addition, the internet giant said it also intends to require 2 million YouTube creators to switch on the setting, which it calls two-step verification (2SV), to protect their channels from potential takeover attacks.

“2SV is strongest when it combines both ‘something you know’ (like a password) and ‘something you have’ (like your phone or a security key),” Google’s AbdelKarim Mardini and Guemmy Kim said in a post, adding “having a second form of authentication dramatically decreases an attacker’s chance of gaining access to an account.”

The rollout follows the company’s proposals to beef up account sign-ins earlier this May, when it said it intends to “automatically enrolling users in 2SV if their accounts are appropriately configured.”

In a related security-focused development, Google also said it’s planning on adding a feature in its namesake search app that allows users to access all of the passwords saved in Google Password Manager (“passwords.google.com”) right from the app’s menu, in addition to partnering with organizations to provide free security keys to over 10,000 high-risk users in 2021.

The development comes weeks after Microsoft introduced a passwordless mechanism that enables users to access their accounts without a password by just using Microsoft Authenticator, Windows Hello, a security key, or a verification code sent via SMS or email.