Google will begin automatically enrolling users in two-step verification
In an attempt to keep users' accounts secure, Google will soon require users to confirm their identity by accepting a prompt on their mobile devices.
Just in time for World Password Day, Google has announced that it will begin automatically enrolling users into its new two-step verification process. Users will soon be required to tap a Google prompt on their smartphone whenever they sign in to a Google service.
Users will be automatically opted in if their accounts are appropriately configured, though the company does not explicitly say what "appropriately configured" means.
Google points out that Android devices already feature Google's security keys, allowing users to receive Google prompts without installing a secondary app. For iPhone users, users will be required to install the Google Smart Lock app.
The move is designed to keep a user's email account safe in the event of a data breach. Google states that "66% of Americans admit to using the same password across multiple sites, which makes all those accounts vulnerable if any one falls."
While Google says they'd like to move forward for a password-free future, they also point out that Google's Password Manager allows users to create complex and unique passwords and store them in their Google account. The service is available for Chrome-based browsers, Android, and iOS.
Recently, Google announced plans to eventually abandon third-party cookies and move to a new method of collecting data on users in aggregate to assist in targeting ads. The company began opting in users into beta test without their knowledge.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Just in time for World Password Day, Google has announced that it will begin automatically enrolling users into its new two-step verification process. Users will soon be required to tap a Google prompt on their smartphone whenever they sign in to a Google service.
Users will be automatically opted in if their accounts are appropriately configured, though the company does not explicitly say what "appropriately configured" means.
Google points out that Android devices already feature Google's security keys, allowing users to receive Google prompts without installing a secondary app. For iPhone users, users will be required to install the Google Smart Lock app.
The move is designed to keep a user's email account safe in the event of a data breach. Google states that "66% of Americans admit to using the same password across multiple sites, which makes all those accounts vulnerable if any one falls."
While Google says they'd like to move forward for a password-free future, they also point out that Google's Password Manager allows users to create complex and unique passwords and store them in their Google account. The service is available for Chrome-based browsers, Android, and iOS.
Recently, Google announced plans to eventually abandon third-party cookies and move to a new method of collecting data on users in aggregate to assist in targeting ads. The company began opting in users into beta test without their knowledge.
Stay on top of all Apple news right from your HomePod. Say, "Hey, Siri, play AppleInsider," and you'll get latest AppleInsider Podcast. Or ask your HomePod mini for "AppleInsider Daily" instead and you'll hear a fast update direct from our news team. And, if you're interested in Apple-centric home automation, say "Hey, Siri, play HomeKit Insider," and you'll be listening to our newest specialized podcast in moments.
Comments
It should not be mandatory to require a mobile device for anything on the web or to interact with government.
For those of you who believe that it should not be mandatory to require a mobile device for anything on the web, you should be pleased to learn that Google agrees with you. You do not need a mobile device to set up multi factor authentication. The AI article doesn't delve into it, but the MFA/two-step options not requiring a mobile phone include phone calls (doesn't have to be mobile!), a security key like a Yubikey, or even a printable sheet of one-time passcodes. If you do have a mobile device, you can use SMS messages (not ideal) or an authenticator app for MFA.
If they're going to make it more difficult to go in and delete everything, I'll just do it once a month. instead of once or twice a week.
Phone numbers are an extremely reliable way to correlate multiple accounts belonging to the same person. Vanishingly few people go to the trouble of maintaining more than one cell phone, one work desk phone, and one landline (and that last one has all but died out).
I have about 30 email addresses I use for different things (mostly vendors or services I don't want to be able to correlate my activity), and a few of them are Gmail accounts dating back to when it first dropped the invitation requirement. If I gave Google my phone number, which is required to activate MFA, they would be able to correlate all of the Gmail accounts as probably belonging to the same person. The passwords for all of my Gmail accounts are long, randomly generated, and never reused for anything else, so the only possible source of a leak is Google themselves.
Frankly, it's the same as cross-site tracking via third-party cookies or hidden frames or invisible 1x1 gif "beacons" in emails. They don't need to know that the same person owns these different accounts.
The same thing they do with all the other data they collect without my express permission - collect, monetize and sell it. I have nothing important on my google account so I’m totally fine with my password as it is.
Rayz2016 said: I hadn’t heard of Authy - I’ll have to check it out.
2FA is the bane of human existence! I often forget my phone at home, and I don't want the hassle. Apple makes it hard to keep stupid 2FA turned off, but I assure you that it is possible. Just make sure you don't have iCloud Keychain enabled, because that forces you to have it. And watch out of the nagware popups now and then on iOS which try to trick you into enabling 2FA. Apple is more sly than Google in that regard. But Google are a band of idiots too for trying to force this upon us. I agree with others who cited folks who don't have a smartphone at all. It's encroaching on my individual liberty to demand I have that switched on. If I want a less secure account, regardless of reason, that must be my prerogative. To me, forcing 2FA on me is far, FAR worse than Ad tracking. At least with Ad tracking, there are ways around it. But if you force all accounts to have it, then choice is gone. I've written to Tim Cook about this, but my email was ignored, no doubt. I want to be in charge of enabling or disabling that which is considered "secure."