Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Google to Opt People Into Two-Factor Authentication Automatically

Google will start with those who regularly engage with Google products on mobile and have recovery options saved to their accounts, but going forward, 2FA will be opt out rather than opt in.

By Michael Kan
May 6, 2021
(Image: Getty)

To stop hackers, Google is preparing to automatically turn on two-factor authentication for user accounts rather than make it opt-in.

“Soon we’ll start automatically enrolling users in 2SV [two-step verification] if their accounts are appropriately configured,” Mark Risher, a Google director of user security, wrote in a blog post.

The announcement comes on World Password Day. Using a strong password is a crucial way to prevent hijackers from breaking into your account. But for even more protection, many services also offer two-factor authentication (2FA), which adds an extra step to the log-in process. 

The security safeguard works by tapping into your smartphone to generate a one-time passcode—either via text or an authenticator app—which can then be typed into a login form. Google also allows people to approve 2FA logins by tapping a prompt inside its own apps.

google 2fa

However, two-factor authentication (2FA) is usually optional and involves you going into your account settings and turning it on. 2FA can also become a time suck, requiring you to pull out your phone, wait for or hunt down the code, and then type it in. However, Risher is confident Google has addressed this core complaint. 

“It used to be that multi-factor authentication was considered tedious and challenging to set up—that is no longer the case,” he told us in an email. “Many users are already positioned to use a second step of verification across their accounts—this auto enrollment process is a way for us to help get them there.” 

According to Risher, Google plans to expand mandatory 2FA to users who regularly sign in to their account and engage with Google products on their mobile devices, and have recovery information saved to their accounts, such as a secondary phone number or email. 

“More factors means stronger protection, but we need to ensure users don’t get accidentally locked out of their accounts,” he added. “That’s why we’re starting with the users for whom it’ll be the least disruptive change and plan to expand from there based on results.”

The Google prompt option also simplifies sign-ins. “Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in,” Risher wrote. 

That second step should also only appear if you’re signing into a new device. For devices you regularly use and trust, it should rarely appear. "Our ultimate goal is to get everyone into a more protected and secure state by default," Risher added. But if you’re not a fan of the two-factor authentication, Risher says you can opt out.

That's not the case with Apple. Though 2FA is still optional on Apple devices, you only have two weeks to turn it off once you opt in. After that, there's no way to go back. "Certain features in the latest versions of iOS and macOS require this extra level of security, which is designed to protect your information," Apple says.

Google has long required 2FA for its employees. In 2017, it started giving out physical security keys to its then-85,000 employees. A year later, it said that no employees had reported any confirmed takeovers of work-related accounts.

What Is Two-Factor Authentication?
PCMag Logo What Is Two-Factor Authentication?

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Michael Kan

Senior Reporter

I've been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.

Read Michael's full bio

Read the latest from Michael Kan