In recent months, vulnerable apps, hacked websites, and zero-day exploits have accounted for an increasing amount of the reporting that we do here at BGR. There is risk in everything we do online, but there are many ways to mitigate that risk, such as turning on two-factor authentication (2FA) for any apps, services, or accounts that offer it. Speaking of 2FA, Google decided to take matters into its own hands on that front, as the company announced Thursday that it will soon enable 2FA by default for anyone with an “appropriately configured” Google account.
“Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in,” Google’s Director of Product Management, Identity and User Security, Mark Risher, said in a blog post. “Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured. (You can check the status of your account in our Security Checkup). Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone.”
Basically, your account is “appropriately configured” if you have provided Google with recovery information, which could be a secondary email address, a phone number, or an authenticator app. You should already be using Google’s two-step verification, but if you’re not, at least make sure to visit the Security Checkup site.
As Google notes earlier in the blog post, searches for the phrase “how strong is my password” increased by 300% in 2020. Meanwhile, millions of you are still using passwords like “123456” or “password” or “qwerty,” so the resounding answer to that search query is an unequivocal “NO.” Make your passwords strong and difficult to guess, use different passwords for all of your accounts, and take advantage of Google’s Password Manager, which not only stores all of your passwords, but also lets you know when and if they have been compromised.
Google’s dream of killing passwords once and for all is still just that — a dream — but as we slowly work our way toward that glorious day, do what you can to keep your accounts and your personal data safe.