By automatically enabling two-factor authentication for users, Google has decreased account hacks by 50 percent, the company has announced.
It’s the result of an initial trial announced in October, in which the company enabled 2FA security – or “2-Step Verification (2SV)”, in Google’s parlance – for 150 million Google account users by default. The effort also extended to 2 million YouTube creators. That meant that in order to log in, users would need to employ either a second-factor security key or an authentication app, such as the Google Smart Lock, in order to verify that they were indeed the ones trying to access their accounts.
Now, in a blog post, the tech giant’s Director of Account Security and Safety, Guemmy Kim, has revealed that the change cut account compromise incidents in half for the sample user group.
Kim framed Google’s 2FA effort as an acceleration of the company’s “journey to eliminating password threats”, and suggested that the nudge toward stronger security will greatly expand going forward. “Ultimately, we want all of our users to have the best security protections in place — by default — across their devices and accounts,” she wrote.
Indeed, Google’s efforts toward post-password security in recent years have extended beyond 2FA security keys. In 2019, Google enabled biometric authentication for Android users, and it went on to explore biometric authentication its Autofill function in early 2020. Last summer, the company launched a security feature allowing iOS users to lock private browser tabs behind biometric authentication.
That having been said, Kim’s blog post did not mention biometrics, instead gesturing to second-factor authentication more broadly as the company seeks to expand 2SV auto-enrolment in the coming months. Urging users to embrace 2SV proactively, the post noted that the Biden Administration had issued an executive order requiring government agencies to implement multi-factor authentication, signalling its importance.
“Turn on 2SV (or we will!),” wrote Kim.