A Google engineer speaking at the annual Usenix Enigma conference in Santa Clara, California has revealed that only 10 percent of active Google accounts use two-factor authentication.
Milka said that the reason why Google doesn’t force users to protect themselves using two-factor authentication is a matter of “usability.”
“The answer is usability,” said Milka, while speaking to the Register. “It’s about how many people would we drive out if we force them to use additional security.”
Typical attackers, for example, attempt to minimize the number of alerts users receive regarding account actions.
If Google detects that an individual logs in, immediately disables account notifications, searches for and downloads private emails or photos, and then installs software to mask those actions, the individual in question is most likely a hacker and not the true account holder.
Google accounts have featured two-factor authentication for a number of years, and Google’s Authenticator app — which allows user to store and generate two-factor passcodes — received a visual overhaul in December 2015.
As we have since September 2014, MobileSyrup recommends that its readers turn on two-factor authentication if it’s available. Having to type in a regular password and a two-factor code might seem like an added nuisance, but the security benefits speak for themselves.
Source: The Register