Google has put out another blog post reminding people that it will soon enable two-factor authentication (2FA) for millions of users by the end of the year.
2FA, or two-step verification as Google calls it, is a security protocol that can help protect online accounts by requiring a second method of authentication when the user signs in. In most cases, this refers the codes texted to people’s phones after they log into a website.
According to Google’s blog post, the search giant plans to auto-enroll an additional 150 million Google users in 2FA by the end of the year. It also plans to require 2 million YouTube creators to enable 2FA.
Along with that announcement, Google detailed several other ways it’s working to protect users’ accounts. For example, Google builds security keys into Android phones and offers similar functionality to iPhone users with Google Smart Lock. The search giant also detailed improvements to the password manager built into the Chrome browser, such as auto-fill options for iOS and Android users.
These things are all steps in the right direction for improving security. However, it’s also worth noting that 2FA can be an imperfect solution, especially when used over text.
SIM swap attacks are a common way for hackers to take over a victim’s phone number and intercept incoming 2FA messages to gain access to online accounts. It’s a prevalent issue in Canada, with the CRTC recently revealing it documented over 24,000 cases of potential phone number fraud between August 2019 and May 2020.
That’s part of why Google’s pushing users to use security keys and, in turn, is building them into devices. At a basic level, security keys are little USB sticks that users can plug into a computer to authenticate themselves. By turning smartphones into security keys, Google’s offering a convenient, secure alternative to SMS-based 2FA.
If you haven’t enabled 2FA on your Google account yet, here’s how to do it:
- Head to myaccount.google.com
- Click ‘Security’
- Scroll down to ‘Signing in to Google’ and click ‘2-Step Verification.’
- Follow the steps to set it up.
Image credit: Google