May 6th is World Password Day, a day dedicated to promoting safer password practices. Today, Google announced that moving forward, all users of its various services will be prompted to enable two-factor authentication, and those who have already done so will be asked to verify that they are who they claim they are. Additionally, Google will enable two-factor authentication by default for users soon.
Two-factor authentication, also referred to as multi-factor authentication, 2-step verification or 2FA, is a security feature that requires you to provide credentials other than your password to log into your account. This other information can be a code sent to your phone or given by an ad hoc app like Google Authenticator or Authy.
Mark Risher, director of product management, identity, and user security at Google, explained the change’s reasoning in Google’s blog post. He said, “passwords are the single biggest threat to your online security — they’re easy to steal, they’re hard to remember, and managing them is tedious.”
Google is beginning with those who have already enabled two-step verification. Users are required “to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in,” Risher explained.
Additionally, Google will soon start automatically enrolling users in 2FA if their accounts are appropriately configured. (You can check the status of your account in Google’s Security Checkup)
Google is now integrating advanced security technologies into smartphones to make multi-factor authentication easier than typing a password and much safer. Google has integrated security keys directly into Android smartphones and released the Google Smart Lock software for iOS, allowing users to use their phones as a secondary means of authentication.
Google aims to eliminate the need to use passwords in the near future, but until then, using two-factor authentication to keep your credentials safe is imperative.