Google to Auto-Enroll More Users in Two-Factor Authentication, Citing Decrease In Hacks

pcmag.com:

If you still don't have two-factor authentication on your Google account, don’t be surprised if the company requires you to adopt it. 

Google saw a notable decrease in password-based account hijackings after it automatically enrolled 150 million users into what it calls two-step verification (2SV), so it now plans to auto-enroll even more accounts. "In 2022, we’ll continue our 2SV auto enrollments, make signing in even more seamless," the company wrote in a blog post.  

Google didn’t say which users will get the two-factor push, but after it expanded the 2SV adoption to 150 million users, "we have seen a 50% decrease in accounts being compromised compared to those not enrolled,” the company said. 

Two-factor authentication adds an extra step to the login process. This means if a hacker gets a hold of your password, it won’t be enough to break into your account. Instead, under many two-factor authentication processes, the hacker will also need access to your smartphone.

Google didn’t say if the company’s 2SV system is stymying all hijacking attempts. But the company said the 50% decrease in hijackings “speaks volumes to how effective having a second form of verification can be in protecting your data and personal information.” 

Indeed, security experts in general recommend every user should activate two-factor authentication on their most important accounts. But that said, the security safeguard isn’t always convenient or flawless, especially SMS-based two-factor authentication. 

In Google’s case, the company has been trying to make two-factor authentication convenient by issuing a login prompt to the account holder’s smartphone after the correct password is successfully entered. Tapping the word "yes" on the prompt will