
Google will soon switch on two-factor authentication by default



Your account will need to be properly configured for it, though


Google is about to take a pretty significant step that will help keep user accounts more secure: it’s going to enroll people in two-factor authentication by default. Today the company wrote in a blog post that it will soon start enrolling customers in two-factor authentication (or “two-step verification,” as Google calls it) if their accounts are “appropriately configured.”

Once it’s enabled, they’ll receive a prompt on their smartphone to verify that an attempted login with their Google account is legitimate. “Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone,” said Google’s senior director of product management, Mark Risher. (On-phone alerts are more secure than SMS messages, which can be intercepted.)

If standard two-factor authentication doesn’t cut it for you, you can always use a physical security key like those from YubiKey, or Google’s own Titan, as another way to safeguard your account. Back in 2019, Google also added the option for Android smartphones to serve as a security key, and this has since been extended to iPhones.

This is all part of Google’s push for “a future where one day you won’t need a password at all,” and the news comes on World Password Day. Distressingly, even after countless enormous hacks and password dumps, Google says 66 percent of Americans “still admit to using the same password across multiple sites, which makes all those accounts vulnerable if any one falls.”

Google advises customers to go through the company’s quick security checkup to ensure their settings and account protections are where they should be.