Google has spent the better part of 10 years persuading users to add an extra layer of security verification to their accounts. Now, that’s asking nicely.
Alphabet Inc. The entity said it plans to automatically enroll 150 million Google accounts and 2 million YouTube accounts in its two-step verification program by the end of the year. Users will have to do much more than just enter a password to log into their accounts. They’ll also need to enter a code sent via an app or text message, or plug in a physical security “key.” Users can opt out if they wish.
“We think it’s table stake now,” said Mark Risher, Google’s senior director of product management for the Android operating system and former head of its security and identity teams. The company said it would enroll the rest of its accounts as soon as possible starting in 2022, but declined to disclose how many accounts it has registered.
Companies like Google are pushing more account holders to use two-step verification, which is a variation of the commonly used two-factor authentication, or 2FA. Passwords are no longer enough to keep accounts secure, he says, and hacked accounts can cost companies time, money, and a variety of troubles.
On the other hand, consumers are not realizing the inevitability. While Google declined to say how many of its accounts currently have two-step verification, in 2018 a company engineer put the figure at less than 10%.
In July, Twitter Inc. revealed that only 2.3% of its active accounts had 2FA switched on during the second half of last year. Meta Platforms Inc., formerly known as Facebook Inc., declined to disclose the percentage of its 2FA active accounts, but said the figures for its Instagram and Facebook platforms are similar.
According to digital-security professionals, reluctance to enroll in 2FA stems from users’ mistaken belief in passwords, frustration or confusion during setup, or simple laziness.
Many people don’t even recognize how their lack of security can affect others, said Jean Camp, director of Indiana University’s Center for Security and Privacy in Informatics, Computing and Engineering.
Pro. Camp said hackers only need access to one account to do a world of harm, such as gaining access to other accounts, sharing intimate information and photos, and allowing the account holder to extort money from their friends, family and coworkers. impersonate for.
Now tech companies are slowly turning the strategy of “it’s there if you want it” to essentially enrolling in 2FA or design technologies that strongly encourage it.
Twitter began rolling out pop-up messages in 2018, prompting some users—mainly those with verified and election-related accounts—to set up the tool, adding it as an option in Settings. Five years after joining. Twitter said it has evidence that signals increased 2FA adoption but declined to disclose how much.
Amazon.com Inc.’s smart-home company, Ring, announced last year that it was making 2FA mandatory for all users after criticism that customers’ home cameras could be easily accessed by others.
And Meta last year began making 2FA mandatory for people who use its Business Manager tools to run companies’ Pages and advertising accounts. Enrollment in the voluntary program also requires 2FA, which was previously designed to protect political accounts ahead of the 2020 presidential election, and is now being opened up to some other high-profile users. For regular users, the company said it is giving a nod to Facebook’s security check feature to set up 2FA and is investing in making it easier and faster to enable.
Companies are also creating a variety of verification tools to make the process more user-friendly. These include multifactor-authentication apps like Google Authenticator and Authy, which ask users to verify their identity by pressing a button or entering a code from another device, and physical security keys that look like flash drives and are embedded in computers. plugs in.
2FA systems that send verification codes via text message are the ones most familiar to consumers but most vulnerable to phishing attacks, security officials and academics say.
Companies have been hesitant to make 2FA mandatory for fear that they will drive people away.
Setting up 2FA means adding steps to the process of signing up for a service, and “more people will complete the sign-up flow with fewer steps,” said Tracy Chow, founder and chief executive of Block Party, an app called Designed to filter. Unwanted mentions and messages on social media.
Block Party requires users to set up a second verification method when they join, even though it could mean fewer people registering in the first place, Ms Chou acknowledged.
Even in 2018 Google said it would not mandate two-step verification over concerns that additional barriers could isolate users. According to Google executive Mr Risher, the company has changed course for three reasons: 2FA systems are now easier to use and more familiar to consumers, smartphone or second-device usage is at a high, and widespread attacks are much more prevalent. are visible and serious.
“Everyone, if they haven’t been hacked themselves, will have a close friend or family member,” he said. “They now know the consequences, their imaginations have grown.”
Don’t miss a story! Stay connected and informed with Mint.
download
Our App Now!!
.