Google wants to enable multi-factor authentication by default

 


Google strives to push all its users to start using two-factor authentication (2FA), which can block attackers from taking control of their accounts using compromised credentials or guessing their passwords.

"Soon we'll start automatically enrolling users in 2SV if their accounts are appropriately configured," as Mark Risher, Google's Director of Product Management, Identity and User Security, revealed today.

This move is meant to increase Google user accounts' security by removing the "single biggest threat" making easy to hack: passwords that are hard to remember and, even worse, easy to steal via data breaches and phishing.


In the first of this process, the company will ask users already enrolled in 2FA (aka 2-Step Verification or 2SV) to confirm their identity by tapping on a Google prompt on their smartphones whenever they sign in. 

To enroll in two-factor authentication for your Google Account right now, go here and click the "Get Started" button to add an extra layer of security and block attackers from gaining access to your data.

Google two-factor authentication
Image: Google

"Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone," Risher added.

In January 2020, Google announced that iPhones running iOS 10 or later could be used as security keys to verify sign-ins on Chrome OS, iOS, macOS, and Windows 10 devices without pairing.

Previously, the company also made using the security key built-in Android phones running Android 7.0+ (Nougat) generally available, and allowed iOS users to verify sign-ins into Google and Google Cloud services using Android phones set up as security keys.

More information on how to set up your phone as a Google account security key can be found here.

How two-factor authentication protects your account

Once 2FA will be enabled on your account (configured to work via text/voice message codes, the Google Authenticator app, or with security keys), it will block unauthorized access by creating an extra defense layer designed to prevent malicious actors' attempts to log in.

This means that attackers will not be able to take it over even if they manage to steal your credentials unless they also have access to your device to confirm their malicious login attempts.


src:https://www.bleepingcomputer.com/news/security/google-wants-to-enable-multi-factor-authentication-by-default/

Comments