If you don’t have two-factor authentication activated on your Google account, don’t be surprised if the company does it for you.
On Tuesday, Google announced it plans on auto-enrolling 150 million users into the company’s “two-step verification” system by the end of this year. This means anyone logging on to the affected Google accounts will need both the registered password and access to the account holder’s mobile phone.
Google originally introduced its effort to auto-enroll users into the two-factor authentication system back in May. But at the time, the company simply said the plan would be implemented “soon” without elaborating.
It’s unclear if Google has already been auto-enrolling users since then. But on Tuesday, the company specifically mentioned the 150 million figure.
“By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require 2 million YouTube creators to turn it on,” Google Chrome Product Nanager AbdelKarim Mardini and Account Security Director Guemmy Kim write in a blog post.
The search giant is auto-enrolling a wide number of users to help stop account hijackings. Hackers can often break into online accounts by using software programs to successfully guess the passwords or by uncovering re-used login credentials from past data breaches.
However, a two-factor authentication can stymie an intrusion attempt by requiring anyone logging in to provide a second mode of user verification, which usually involves generating a one-time passcode on the account holder’s smartphone. The passcode then has to be entered into the login window.
In Google’s case, the company will issue a prompt to the account holder’s smartphone after the correct password is successfully entered. Taping the word “yes” on the prompt will then complete the login process.
“2SV has been core to Google’s own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove it’s really you trying to sign in,” Google says in Tuesday’s announcement.
However, the company is only going to auto-enroll users to the 2SV system if they have recovery information saved to their accounts, such as a secondary phone number or email. “We also recognize that today’s 2SV options aren’t suitable for everyone, so we are working on technologies that provide a convenient, secure authentication experience and reduce the reliance on passwords in the long-term,” the company adds.
If you’re not a fan of Google’s two-factor authentication system, you can also opt out by going into your account settings. The company’s 2SV prompt should only appear for devices you’re signing into for the first time. For devices you regularly use and trust, it should rarely appear.