Google announced on Tuesday that it will be auto-enrolling 150 million of their users in two-step verification by the end of 2021. The platform will also force two million YouTube creators to turn on two-step verification by the end of the year as well.
In a blog post, Google Chrome product Manager AbdelKarim Mardini and Google account security and safety director Guemmy Kim said the best way to keep users safe is to turn on security protections by default.
“For years, Google has been at the forefront of innovation in two-step verification (2SV), one of the most reliable ways to prevent unauthorized access to accounts and networks. 2SV is strongest when it combines both ‘something you know’ (like a password) and ‘something you have’ (like your phone or a security key),” the two explained.
“2SV has been core to Google’s own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove it’s really you trying to sign in. And because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users’ accounts into a more secure state.”
In addition to requiring 2SV — also known as two-factor authentication — Google said it checks the security of 1 billion passwords and works to protect Google’s Password Manager, which is built directly into Chrome, Android and the Google App.
Even iOS users can use Chrome to autofill saved passwords and soon Apple users will have access to Chrome’s strong password generation — a feature Apple has been rolling out over the last year on its own devices and platforms.
Google is also planning to add a feature that gives users access to all of the passwords saved in the Password Manager directly from the Google app menu.
In addition to its work for regular users, Google will be providing additional protection for “over 10,000 high risk users this year” through a partnership with organizations that will see them provide free security keys.
“We recently launched One Tap and a new family of Identity APIs called Google Identity Services, which uses secure tokens, rather than passwords, to sign users into partner websites and apps, like Reddit and Pinterest. With the new Google Identity Services, we’ve combined Google’s advanced security with easy sign in to deliver a convenient experience that also keeps users safe,” Mardini and Kim wrote.
“These new services represent the future of authentication and protect against vulnerabilities like click-jacking, pixel tracking, and other web and app-based threats. Ultimately, we want all of our users to have an easy, seamless sign-in experience that includes the best security protections across all of their devices and accounts.”
- Fortinet, Shopify report issues after root CA certificate from Lets Encrypt expires
- Ransomware gangs are complaining that other crooks are stealing their ransoms
- Bandwidth CEO confirms outages caused by DDoS attack
- These systems face billions of attacks every month as hackers try to guess passwords
- How to get a top-paying job in cybersecurity
- Cybersecurity 101: Protect your privacy from hackers, spies, the government