In May Google had announced the intention of enable two-factor authentication – or two-step verification – by default in its accounts, to allow greater security for users. Now, on the occasion of Cybersecurity Awareness Month, Google has renewed its pledge affirmed that will enable two-step verification by default for 150 million accounts by the end of the year.
Google increases security for users with two-step verification
Photo credits: Google.
L’two-factor authentication, or two-step verification, allows you to add an extra layer of security to your account. In fact, in addition to simply entering the username and password, it is necessary to enter a unique code received by mail, text message or call upon login. You can also use a secondary app, such as Authenticator, or a hardware security key. This protects your account from any attackers who manage to recover the user’s credentials because they are weak or after a data leak.
This type of protection is widespread, and virtually all sites and applications where you need to log in offer the option to enable 2-Step Verification. This option remains at the user’s discretion, however, and is often not activated out of laziness. In 2018 Google claimed that only 10% of his active accounts actually used two-factor authentication. A very small slice of users. This is precisely why Google will make this the default setting by the end of the year.
Two-factor authentication will also be mandatory for 2 million creators on YouTube
Since then the company has pushed, solicited and encouraged people to activate the setting. In the end it is just a matter of making an extra step during access, and the few seconds it takes are well rewarded with greater security. Google has also warned that it will require more than 2 million creators signed up for the Partner Program on YouTube to enable two-factor authentication to protect their channels from malicious actors. In addition, the company claims to have partnered with some organizations to distribute more than 10,000 hardware security keys each year.
Another tool that helps users protect their accounts is a password manager and Google says it currently checks over a billion passwords every day via its password manager built into Chrome, Android, and the Google app. The password manager is also available on iOS, where Chrome can auto-fill logins for other apps. Other than that, it analyzes the credentials for understand if the chosen passwords are weak or if they are repeated on too many websites. Google says it will soon help generate passwords for other apps, making things even easier. The ability to see all saved passwords directly from the Google app menu will also soon be available.
L’Inactive Account Manager
Google’s measures don’t stop there. The company further emphasized the existence of his Inactive Account Manager, an inactive account manager. This is a set of decisions to make about what should happen to your account if you decide to stop using it for certain months.
Google added the feature in 2013 so you can set a timeout period for your account, from three to 18 months of inactivity, before the Inactive Account Manager protocols take effect. In case you just changed your account or forgot your login, Google will send an email one month before the time limit expires. At that point, you can choose to delete your information or forward it to any trusted contact to handle things on your behalf.
The Google blog post notes that an inactive account led to the massive Colonial Pipeline attack earlier this year. And probably no one wants their digital life unused for months to be available to hackers in the future.
How to activate 2-Step Verification on Google
Right now, 2-Step Verification isn’t mandatory for your Google Account, but you can turn it on to make your online life safer. To proceed you must:
- Open your Google Account;
- Go to the “Security” panel of the page that opens;
- Under “Sign in to Google” select “Two-Step Verification> Get Started”;
- Follow the on-screen instructions.
As anticipated, the unique code – at each access – will be available via SMS, call, or in the app Authenticator or other apps for creating verification codes. Alternatively you can use one of the backup codes of your account, the on-screen notification that appears on your smartphone and approve access on the second device or use physical security tokens. All information is available by visiting this page.