As part of Cybersecurity Awareness Month, Google is making some changes and improvements to its security features. This includes making password sign-ins more seamless and safer for those who choose to enable it. More importantly, Google will be automatically enabling two-step verification for more than 150 million users by the end of the year. Earlier this year they’ve already said they will be automatically enabling this on eligible accounts and now they’re widening the rollout for the protection of users who may be unaware they are at risk.
Two-factor authentication on Google includes tapping yes on another device or using a physical security key in the device you’re using when logging on to your Google account. While they have enabled this for a lot of accounts since May, they will be auto-enrolling 150 million more Google users by the end of the year. They will be working on technologies that will make two-step verification more convenient and seamless so as to lessen the reliance on passwords eventually.
For now though, those who are still using passwords to sign in for other accounts should be able to have a more secure and seamless experience when using Google’s Password Manager. This is built into Chrome, Android, and the Google app. They will be rolling out a feature in the Google app where you can access all the passwords you’ve saved in the Password Manager from the Google app menu directly.
Security keys are considered the most secure of the 2FA methods and so Google has partnered with organizations to bring free security keys to more than 10,000 high risk users. They did not define what kind of users are considered high though. They have also built the capability into Android phones to make security keys more accessible. They’ve also recently launched One Tap and Google Identity Services which use secure tokens to sign in and not passwords.
It’s good that users are not taking their online security for granted anymore but there are also still a lot that do not enable two-step verification. Having it automatically enabled for their Google accounts should be a good step even if some might find it annoying or inconvenient.