Google unveiledr recently that is working to get all users to start using two-factor authentication (2FA), which can prevent attackers from gaining control of your accounts by using compromised credentials or by guessing passwords.
On the occasion of World Password Day, Google announced that it will soon implement automatic activation of two-factor authentication for all users.
Mark Risher, director of product management, identity and user security at Google, said:
“You may not realize it, but passwords are the biggest threat to your online security: they are easy to steal, difficult to remember, and tedious to manage. Many people think that a password should be as long and complicated as possible, but in many cases this can increase the security risk. Strong passwords cause users to use them for more than one account; in fact, 66% of Americans admit to using the same password on more than one site, leaving all of these accounts vulnerable if one fails.
“In 2020, searches for 'how secure is my password' increased by 300%. Unfortunately, even the most secure passwords can be compromised and used by an attacker, so we have invested in security controls that prevent you from using weak or compromised passwords. "
The move to automatically enable two-factor authentication aims to increase the security of Google user accounts by eliminating the "most important threat" that facilitates hacking: passwords that are hard to remember and, worse, easy to steal.
According to Mark Risher, one of the best ways to protect an account against a bad or cracked password is to set up a second form of verification, another way for your account to confirm that it is really your connection. He recalled that Google has been doing this for years "making sure your Google account is protected by various levels of verification."
As a first step towards this process, the company will ask users who have already enabled two-factor authentication have them confirm their identity by tapping a message from Google on their smartphone every time they sign in.
We will start soon. Automatically enable Two-Factor Authentication for users who have accounts configured correctly. (You can check the status of your account in our Security Control). Using your mobile device to log in gives users a more secure authentication experience than passwords alone. "
For those of you interested in being able to enable two-factor authentication for your Google account now, all you have to do is go to the following link Click on the "Get Started" button to add an extra layer of security.
Once two-factor authentication is enabled on your account (configured to work via text / voice message codes, the Google Authenticator app, or with security keys), you will block unauthorized access by creating a layer Additional defense designed to prevent malicious login attempts.
This means that attackers will not be able to take control even if they manage to steal your credentials, unless they also have access to your device to confirm your malicious login attempts.
When 2FA is enabled, you will be asked to enter your password, as usual, every time you log into your Google account. However, you will need to confirm your identity using a code sent by text message, voice call or mobile app. If you have a password, you can also insert it into your computer's USB port to confirm that you are trying to connect.
“We are also integrating advanced security technologies into devices to make this multi-factor authentication transparent and even more secure than a password. For example, we integrated our security keys directly into Android devices and launched our Google Smart Lock app for iOS. Users can now use their phone as a secondary means of authentication. "
Finally, if you are interested in knowing more about it, you can consult the details in the following link.