Google indicators up 150 million folks for two-factor authentication: What it’s, the way it works

Google signs up 150 million people for two-factor authentication: What it is, how it works

Google is auto-enrolling accounts in two-step verification.

Angela Lang/CNET

Google, in observance of Cybersecurity Consciousness Month, plans to auto-enroll 150 million customers in two-step verification and require two million YouTube creators to show the safety function on by the top of 2021. Having a second type of authentication while you login to your accounts dramatically decreases the chance of an attacker having access to your private data, the search big mentioned in a weblog put up. 

Organising two-step or two-factor authentication (additionally referred to as 2FA) is turning into commonplace as a solution to make it tougher for scammers and fraudsters to achieve management over your id and accounts — and to show that you just’re actually you. That is as a result of it makes use of a second motion to substantiate your id, for instance earlier than you financial institution on-line. 

Two-factor verification goes hand in hand with use of a password supervisor that units up and remembers complicated passwords which can be rather more safe than a brief set of phrases and symbols, resembling P4ssW0rd*. Utilizing each would increase your account safety. Whereas two-factor authentication could be time-consuming to arrange for each account, it is comparatively simple to arrange and use, and nicely well worth the effort. 

Within the spirit of cybersecurity consciousness, we additionally advocate checking to see in case your account passwords are already on the darkish net (after which altering them) and significantly contemplating a password supervisor should you do not use one already (we now not advocate LastPass, however Bitwarden is an efficient various). 

Learn extra: Cybersecurity Consciousness Month: Time on your security verify

What’s two-factor, or two-step, authentication?

Two-factor authentication (additionally typically written as 2FA) can be generally known as two-step verification or multifactor verification. For simplicity’s sake, I will confer with it as two-factor authentication or 2FA during this put up. 

Consider two-factor authentication as an additional layer of safety on your on-line accounts. In case you’re not utilizing 2FA on an account, your login course of includes getting into your username and password, and that is it. Two-factor authentication provides an additional step to that course of. First, you will enter your username and password, then you definately’ll be requested to enter a one-time passcode (typically additionally referred to as an OTP) which is often a six- to eight-digit quantity. You get hold of that quantity, which adjustments each 30 to 60 seconds, by way of an app or a textual content message. 

As soon as you’ve got entered that code, solely then are you granted entry to your account. 

Successfully, a would-be dangerous man would wish to know your username and password and have taken over your cellphone quantity or have bodily entry to your cellphone and your authenticator app of option to register to your financial institution’s web site or your e-mail account. There’s nonetheless one thing to remember, although. 


Utilizing a password supervisor is the simplest solution to improve safety with out additionally rising the burden on your self.


For the perfect safety, do not use SMS to retrieve your codes. Use an app as an alternative

When two-factor authentication first began to roll out to varied web sites and companies, almost all of them solely supported sending your one-time password by way of textual content message. And whereas that is a handy and simple solution to obtain your codes, it is also wildly insecure as a consequence of SIM swap fraud

SIM swap fraud happens when somebody calls your wi-fi provider impersonating you and convinces the worker to vary the SIM card linked to your cellphone quantity. With all of your incoming calls and textual content messages now being routed to another person’s cellphone, they will register to any on-line account of yours that is been a part of any form of knowledge breach or hack. 

Making issues even worse are hacks just like the current T-Cell breach, which included sufficient of a buyer’s private data for anybody to impersonate you once they name buyer care together with PIN codes that clients added as an additional safety step. 

Now playing:
Watch this:

In a world of bad passwords, a security key could be…


See how quickly things can spiral out of hand if you’re using text messages to receive, say, your bank’s 2FA codes? 

If at all possible, use an authenticator app like Google Authenticator or a password manager to store your temporary codes

I use a password manager to create and store all of my account passwords, along with my one-time passwords. The app not only lets me know when a new service supports two-factor authentication, but it also will copy and paste the code when I’m logging in to an app or website, making the entire process of using 2FA painless.

In addition to being more secure, an app doesn’t require an active internet connection to show you the current code assigned to your account. That means if you’re traveling and on a plane, you can still access your code — something you can’t do if you have to receive it via SMS. 


When turning on two-factor authentication, make sure to take note of your recovery codes. 

Matt Elliott/CNET

Don’t gloss over saving recovery codes

When you go through the process of setting up two-factor authentication, you’ll be prompted to save a recovery code (or a series of recovery codes). DO NOT SKIP THIS STEP. 

That recovery code is what you’ll use to get back into your account should something happen and you lose access to your two-factor authentication codes. It’s not something that companies like Apple take lightly. Without that code, your account is as good as closed, and with it all of the data it holds. 

Hypothetically, let’s say you have your 2FA codes arriving via text messaging. After a fun night out with friends, you realize your phone is gone, and with it, access to your OTP codes. And the only way to sign in to your bank account or your carrier is with a one-time password, unless you have a recovery code. 

Trust me, as someone who has had to use a recovery code a time or two, future you will thank present you for saving your recovery code. 

I suggest saving anything related to recovery in a password manager and taking a screenshot of the code that you can store in a secure place, even if that means printing it out and keeping it in a file. 

Here are the links to either the proper account settings page to set up 2FA, or to the appropriate support page detailing how to enable 2FA for popular companies and websites. If a company isn’t listed below, I recommend searching for the company name with two-factor in the query (e.g. “Facebook two-factor”). 

The website has a searchable database with direct links to the appropriate support page for many websites. You should also take some other steps to protect your personal info, and here’s what you can do to limit the chances of experiencing SIM swap fraud yourself. 

Yes, two-factor authentication is worth the trouble 

You’re right, to some extent 2FA is a hassle. But it could be worse. The longest part of the process is getting it set up for all the online accounts you have that support it. After that, waiting for a code via text messaging or using an app to access the code is a breeze and something you’ll quickly adjust to just being part of your normal routine. 

We haven’t met anyone who particularly enjoys using two-factor authentication, especially on a linked Apple account because it sends an alert to every single device you own, but we do it because it keeps our personal data and financial information secure. If someone were to gain access to our accounts, they could quickly wreak havoc with our personal and professional lives, and it would take weeks or even months to put all of the pieces back together. 

Don’t believe us? Read this story from CNET’s sister site ZDNet. Several years ago, mobile contributor Matthew Miller had his T-Mobile SIM card swapped, and the perpetrator then quickly deleted his entire Google account, used $25,000 from his bank account to purchase bitcoin and locked him out of his Twitter account — and that was just in the first hour or so. 

The small inconvenience of two-factor authentication will go a long way in keeping you from an even bigger hassle. 

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts