



Turning on two-factor authentication is a solid piece of advice, and WIRED has been doing it for years. Doing so ensures that passwords are not the only defense against unauthorized access to your account. The only problem? It was always your responsibility to understand how to do that. Today, Google is taking the first step to enable the two elements by default for all users, and where Google is adopting web security, other industries often follow suit. ..

The company said in a blog post this week that users who already have two-step verification enabled will be asked to authenticate by tapping a smartphone prompt each time they sign in to their Google or Gmail account. (Gmail has about 1.8 billion users. You can also use the email addresses of other services to create a Google account.) Google allows existing two-factor users to interact with these mobile prompts. When you evaluate the data about how easy it is, the company will automatically start making a selection. Validate the user in two steps.

Mark Richer, head of product management for Google’s identity and user security, told WIRED that it was the least confusing change and started with users who plan to grow from there based on the results. Multi-factor authentication has historically been considered cumbersome and difficult to set up, but for many users it isn’t.

Multi-factor authentication adds one or more additional checks to the login process, as well as usernames and passwords. The second factor could be a temporary code randomly generated from the authentication app, the presence of a physical authentication key like Yubikey, or a digital token built into the smartphone. Also, adding at least one of these additional layers makes it much harder for phishers, scammers, or other malicious hackers to break into your digital account.

While multi-factor authentication clearly looks like a useful security feature, companies are reluctant to require everyone to use it. Requesting two factors can discourage consumers from trying out services and ultimately have a negative impact on their business. Also, exclude users from services that they want to use in other ways, as they may not have the equipment or know-how to navigate multi-factor authentication.

Ultimately, Richer says he wants all users to have the highest security protection by default across their devices and accounts. At the same time, we recognize that today’s two-step authentication option is suitable for all users, so we are actively working on technologies that provide a secure and fair authentication experience and eliminate password reliance. I will.

Google users can opt out of two-factor authentication if they change their minds. However, the goal is to drive both users and the broader technology industry towards two elements as baseline standards.

Google was a leader in other major web security migrations, from facilitating automatic updates and sandboxing in Chrome to driving ubiquitous HTTPS web traffic encryption. However, batters are not the only ones who are accustomed to multi-factor authentication. Apple doesn’t fully mandate two elements for Apple IDs, but in recent years the company has been actively promoting this feature, making it increasingly difficult to opt out.

Kenn White, security engineer and founder of the Open Crypto Audit Project, is great to see Google working with users to enable multi-factor authentication, in this case using smartphones to move the industry forward. That is. Being able to move easily beyond simple credentials benefits account security and everyone. Also, large organizations such as banks and healthcare are beginning to adopt urgent protection such as mandatory two-factor authentication.

