Google Looks to Improve Security with 2SV Auto-Enrollment

Google says that by the end of 2021 it will automatically enroll about 150 million Google users and 2 million YouTubers in the company’s two-step verification program. Users will be required to not only enter a log-in password, but also to enter a code sent via text or app or security key. Google declined to say how many of its users had voluntarily enabled the extra security step prior to Alphabet’s new mandate. The move comes as a result of what many describe as consumer apathy in the face of heightened digital dangers. Google, Twitter, Facebook and Instagram have all urged users to adopt two-step verification with lackluster results.

The Wall Street Journal reports that as of 2018 Google indicated less than 10 percent of its account holders were enrolled to use 2SV and that in July Twitter indicated only 2.3 percent of its users had enabled two-factor verification. Meta would not disclose the numbers for Facebook and Instagram but said they were “similar.”

“We think that this is now table stakes,” said Mark Risher, senior director of product management for Android. WSJ notes that Google plans to onboard its remaining accounts as quickly as possible throughout 2022.

Last year, Amazon’s Ring division said it was making 2FA mandatory in the wake of criticism that customers’ home cameras were vulnerable to third-party interference, while Facebook made 2FA a requirement for people using its Business Manager tool to operate company pages and advertising accounts. For everyone else, Facebook has begun prompting to set up 2FA in its Security Checkup feature and is working on making it easier and faster to enable.

“Companies have hesitated to mandate 2FA out of fear that they would drive people away,” WSJ writes. “Setting up 2FA means adding steps to the process of signing up for a service,” because more people are likely to complete sign-ups when the process is faster and involves fewer steps.

Now companies are building their own verification tools to make adding security layers easier and more inviting. Alphabet now has Google Authenticator and Authy, “which ask users to verify their identity by pushing a button or entering a code from another device, and physical security keys that look like flash drives and plug into computers,” WSJ reports.