Breaking News

Google Account hacks halved after two-step authentication is rolled out by default

Google Account hacks halved after two-step authentication is rolled out by default

The top-line is four months in Google's initiative to enroll users in two-factor authentication by default, detailed in a blog post to coincide with Safer Internet Day on February 8.

In October 2021, the company announced plans to turn two-factor authentication on by default for the 150 million Google users who were not currently using the service and required 2 million YouTube creators to use it. . , In the latest post, Google says it has seen a 50 percent reduction in accounts being compromised with that test user group.

The strategy shows the power of a tech giant like Google to provide security by default and fits into a years-long project to move users toward a more robust security model – ultimately aiming for a future without passwords, a Published according to other blog post. company last year.

Two-factor authentication, or "two-step verification" (2SV) as Google describes it, is a core pillar of this strategy, as protecting an account by requiring a physical object such as a phone to obtain a security key. , or increases significantly. Code via App or SMS. But historically, the problem has been adoption.

In 2018, a Google engineer revealed that more than 90 percent of active Gmail accounts were not using two-factor authentication, raising the question of why Google would not mandate the two-step authentication process. Since then, the company has been on track to make 2SV a default option for a greater share of users and a mandatory step for some.

According to Google representatives, one of the remaining hurdles is a lack of understanding about the full benefits of additional authentication processes.

“A lot of education is needed with 2SV and we want users to understand what it is and why it is beneficial,” said Gummi Kim, director of account security and security at Google.

“We also need to ensure that users' accounts with recovery emails and phone numbers are set up correctly so that they can avoid account lockouts once 2SV is implemented. We have already enrolled users we consider to be early adopters and whose accounts were 2SV ready,” said Kim.

Although there has been a steady increase in the number of web services supporting two-factor authentication, consumer adoption is still low. Twitter, which introduced two-factor authentication in 2013, revealed in 2020 that only 2.3 percent of active accounts had it enabled; On Facebook, that figure was around 4 percent adoption in 2021.

Where adoption exists, the most common 2FA option is to send a one-time code via SMS – which security experts consider the most vulnerable to interception. Ideally, two-factor authentication should use an authentication app like Google Authenticator or Authy, or a physical device like a hardware security key.

No comments