Two-factor authentication (2FA) ensures that your password isn’t the only defense against unauthorised access to your accounts, email, and online profiles. Mountain View, California-based giant Google is now taking its first steps towards enabling two-factor authentication by default for all its users. The company said in a blog post last week that it will begin asking users who already have enabled two-step verification to authenticate by tapping a prompt on their smartphones whenever they sign into their Google account or Gmail. Once Google analyses how much effort it takes for existing 2FA users to interact with these mobile prompts, the company will start automatically opting other users into its two-step verification.
“Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured," Google said in the blog post. The company said that using a mobile device to sign in gives people a safer and more secure authentication experience than passwords alone. Google also said that it is building advanced security technologies into devices to make multi-factor authentication seamless and even more secure than a password. “For example, we’ve built our security keys directly into Android devices, and launched our Google Smart Lock app for iOS, so now people can use their phones as their secondary form of authentication."
In an interview with WIRED, Google’s director for product management for identity and user security said that historically, 2FA has been considered a tedious and challenging thing to set up. But, for many users, that is no longer the case, he told the website.
Multi-factor authentication basically adds an additional layer of security to a login process beyond the standard username and password. And while multi-factor authentication is obviously a safer option to go with, it has been something that companies have been reluctant to put on their systems, as it is believed that 2FA may dissuade users from trying or using their services. Google making it default, however, is good news, since what Google does in web security is considered serious business and more often than not, companies follow the tech giant’s footsteps.
While users will still be able to opt out of Google’s 2FA if they change their mind, the goal is to push both users and the wider tech industry towards two-factor as standard.