Skip to main content

Google is about to turn on two-factor authentication by default for millions of users

Google is about to turn on two-factor authentication by default for millions of users

/

And it’s reminding you to set up the Inactive Account Manager while you still can

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Illustration by Alex Castro / The Verge

In May, Google announced plans to enable two-factor authentication (or two-step verification as it’s referring to the setup) by default to enable more security for many accounts. Now it’s Cybersecurity Awareness Month, and Google is once again reminding us of that plan, saying in a blog post that it will enable two-factor for 150 million more accounts by the end of this year.

In 2018, Google said that only 10 percent of its active accounts were using two-factor authentication. It has been pushing, prodding, and encouraging people to enable the setting ever since. Another prong of the effort will require more than 2 million YouTube creators to turn on two-factor authentication to protect their channels from takeover. Google says it has partnered with organizations to give away more than 10,000 hardware security keys every year. Its push for two-factor has made the technology readily available on your phone whether you use Android or iPhone.

A tool that also helps users keep their accounts secure is using a password manager, and Google now says that it checks over a billion passwords a day via its built-in manager for Chrome, Android, and the Google app. The password manager is also available on iOS, where Chrome can autofill logins for other apps. Google says that soon it will help you generate passwords for other apps, making things even more straightforward. Also coming soon is the ability to see all of your saved passwords directly from the Google app menu.

Last but not least, Google is highlighting its Inactive Account Manager. This is a set of decisions to make about what happens to your account if you decide to stop using it or are no longer around and able to make those decisions.

Google Inactive Account Manager
Google Inactive Account Manager
Image: Google

Google added the feature in 2013 so that you can set a timeout period for your account between three and 18 months of disuse before the Inactive Account Manager protocols take effect. Just in case you only switched accounts or forgot about your login, Google will send an email a month before the limit is up. At that point, you can choose to have your information deleted or have it forwarded to whatever trusted contacts you want to have handling things on your behalf. Google’s blog post notes that an inactive account led to the massive Colonial Pipeline attack earlier this year, and just for security’s sake, you probably don’t want your digital life simply hanging around unused for whatever hackers are bored in the future.