



By the end of the year, Google confirmed that it would move forward on an “auto-registration” basis with a bold security update for about 150 million users. You may be wondering if you are among those who choose to use this strong password shield. If so, what exactly does this mean?

Google toggles millions of password security switches

Confirmation from Google was made by this week’s official safety and security blog post. The announcement by Abdel Karim Mardini, Product Manager of Google’s Chrome Group, and Guemmy Kim, Director of Security and Security for Google Accounts, reinforces the password security switch message I wrote in May.

FORBES Details Google Confirms Strong Security Rewind to 2 Billion Users

Yes, we’re talking about two-factor authentication (2FA) or, in the case of Google, two-step verification (2SV). The difference is a semantic issue for the average user. 2SV is technically the same authentication factor as a password, which is likely to be what you know, but it’s also actually the second factor.

A brief and dirty explanation is to add ownership if the element of “knowledge” here, for example, the password and the code you were asked to enter, is unique to your smartphone, or if you are something. It’s overflowing Use face or fingerprint recognition to access that device or authentication app.

Most importantly, Google provides additional protection for your login credentials. Importantly, the use of compromised login details is increasing, as recent research on credential stuffing has shown. In one important report, 61% of data breaches are even related to credential misuse.

Will you be one of the 150 million Google users who automatically opt-in?

The good news is the automatic registration of this 150 million Google account. Still, for example, some people have emailed concerns that without the proper authentication system app or hardware key, they could effectively be locked out of their account. I brought these concerns to Google’s director of account security and security, Guemmy Kim, and discovered how 150 million accounts were selected and how the registration process would be.

Cybersecurity Awareness Month is the perfect time for this Google News

Starting with the selection process, the criteria for choosing an account to register for 2FA protection are: “People who regularly sign in to their accounts, use Google products on their mobile devices, and have account recovery information. It includes people who are there. ” Recovery phone number and recovery email. According to Kim, these users will be in a position to “never confuse and lock out of their account” by automatically turning on that 2FA. By undergoing a Google security check, you can be sure in advance if your account is ready for this transition for password protection.

What if I don’t want to use 2FA?

Still, the small problems of the process remain inherently. I also asked Kim if he could explain the registration process. This seems to be missing from almost every report I’ve seen. This includes Google’s safety and security blog announcements already mentioned.

“The user will be notified 7 days before the sign-in method is changed from password-only to 2-step verification. If the change is made 7 days later, the user will be notified again,” Kim assures me. These notifications are said to be delivered both by email and on mobile.

Its first seven days of intent notification also includes an option for users to turn on 2FA. This means you don’t have to wait another week for more security. “Users who choose to turn it on early will be prompted to enter the setup flow for the two-step verification process and enter additional backup information,” Kim says.

And when it comes to options, you have to ask if this is all required, as is the case with about 2 million YouTube creators who need to enable 2FA account protection if they want to continue to make money after the end of the year. Didn’t you?

“At this stage, users can opt out if needed,” Kim says, referring to the seven-day notice.

Password Security is moving in the right direction from Google

Google wants users to begin to understand that the benefits of 2FA’s new advanced form of security and convenience outweigh the negative perceptions of the past. “Authentications like this are no longer limited to code. Google has led the development of advanced forms of authentication that guarantee a seamless experience, such as security keys built into mobile phones.” Kim says.

These keys are built directly into your Android smartphone, but iPhone and iPad users can install the Google Smart Lock app instead.

I generally don’t like to opt in to anything, with the exception of improving the security of such accounts.

In particular, Kim seems to have answered the concerns that Immersive Labs application security leader Sean Wright had when he spoke in May. While agreeing to be a good move by Google, Wright said individuals should be able to “accept the risk and decide whether to negate it.” One box has been checked.

Another person gets the checkmark because Wright warned that he needed to “clearly communicate this change” instead of proceeding without properly notifying the user.

Thankfully, the seamless user experience is at the forefront of Google’s thinking here. It doesn’t follow the completely password-free route that Microsoft implemented for Windows 10 and 11 users, but Google is still going in the right direction. “The more passwords are in the past, the more secure and convenient sign-in will be,” Kim concludes.

So the question is not whether this auto-registration is chosen to be included in Google’s 2FA system, but why you haven’t opted in yourself yet.

