Google Gets Serious About Two-Factor Authentication. Good!
“Turn on two-factor authentication” is solid advice, and WIRED has repeated it for years. Doing so ensures that your password isn't the only line of defense against unauthorized access to your accounts. The only problem? The onus was always on you to figure out how to make it happen. Now, Google is taking its first steps toward enabling two-factor by default for all its users—and where Google goes in web security, the rest of the industry often follows.
The company said in a blog post this week that it will begin asking users who already have enabled two-step verification to authenticate by tapping a prompt on their smartphones whenever they sign into their Google or Gmail account. (Gmail has about 1.8 billion users; people can also create Google accounts using email addresses from other services.) Once Google assesses data on how easy it is for existing two-factor users to interact with these mobile prompts, the company will start automatically opting users into two-step verification.
“We’re starting with the users for whom it’ll be the least disruptive change and plan to expand from there based on results,” Mark Risher, Google's director of product management for identity and user security, told WIRED. “It’s true that multifactor authentication has historically been considered tedious and challenging to set up, but for many users that is no longer the case.”