Google’s about to push everyone into two-factor authentication

Image of two-factor authentication in action

Google will soon make a switch over to a compulsory two-factor authentication system, making it harder for crafty hackers to break into your Gmail or other Google Accounts.

Passwords are notoriously easy to crack, steal or otherwise compromise. In today’s era of highly advanced hackers, they’re pretty dated as a security measure.

That’s why Google is moving beyond passwords. It’s about to start automatically enrolling Gmail and Google account users into two-factor authentication (2FA).

“You may not realize it, but passwords are the single biggest threat to your online security -- they’re easy to steal, they’re hard to remember, and managing them is tedious,” Mark Risher, Google’s product management director for identity and user security, wrote in a blog post on Thursday, which is World Password Day.

“Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured. (You can check the status of your account in our Security Checkup),” he wrote.

So what does Google mean when it refers to your Google account being “appropriately configured” for 2FA? A Google product manager told PCWorld it means users already have recovery information on their accounts, like a phone number or a secondary email.

Two-factor authentication is one of the simplest but most effective security steps that businesses and individuals can take. Also known as multi-factor authentication (MFA) or two-step verification, 2FA is a fairly straightforward process of confirming your identity twice before gaining access to an account or service.

Google already prompts users who are opening new Gmail accounts to enroll in two-factor authentication. The difference is, Google will now automatically enroll users into it.

Although some reports claim Google is making 2FA mandatory, a Google spokesperson told Mashable that users would be able to opt out if they want to.

So far, Google isn’t mentioning a specific timeline for this change, other than Risher writing that it’ll happen “soon.”

Implementing 2FA can go some way toward adding an extra barrier of entry for yourself and any third party attempting to access your account. While security questions seeking personal details, like the name of your first family pet or mother’s maiden name, may help shield user accounts, savvy hackers can easily figure these out, often by rummaging through social media accounts.

Adding the second authentication factor, whether by delivering a code by text message or email or using an authenticator app, adds a more robust protective layer. While it may seem arduous to jump through this hoop time and time again, the benefits of having these hoops in place are untold.