Tech companies are pushing users to adopt two-factor authentication

Google has spent the better part of 10 years persuading users to add an extra layer of security verification to their accounts. Now it’s done asking nicely.

The Alphabet Inc. unit said it plans to automatically enroll 150 million Google accounts and 2 million YouTube accounts in its two-step verification program by the end of the year. Users will need to do more than just enter a password to log into their accounts. They will also need to enter a code sent via an app or text message, or plug in a physical security “key”. Users can opt out if they wish.

Photo caption: Google will automatically enroll certain accounts in two-step verification. Photo: Google

“We think these are table stakes now,” said Mark Risher, senior director of product management for Google’s Android operating system and former head of its security and identity teams. The company said it will register the rest of its accounts as quickly as possible starting in 2022, but declined to disclose how many accounts it has registered.

Companies like Google are pushing more account holders to use two-step verification, a variant of the more commonly used two-factor authentication, or 2FA. Passwords are no longer enough to secure accounts, they say, and hacked accounts can cost businesses time, money, and a lot of trouble.

Consumers, on the other hand, don’t seem to feel the imperative. While Google declined to say how many of its accounts currently have two-step verification, a company engineer in 2018 estimated the figure to be less than 10%.

Twitter Inc. in July revealed that only 2.3% of its active accounts had activated 2FA in the second half of last year. Meta Platforms Inc., the company formerly known as Facebook Inc., declined to disclose the percentage of its accounts that have 2FA enabled, but said its Instagram and Facebook platforms have similar numbers.

According to digital security professionals, the reluctance to sign up for 2FA tends to stem from users’ misplaced trust in passwords, frustration or confusion during setup, or simple laziness.

Many people also don’t recognize how their lack of security can affect others, said Jean Camp, director of the Center for Security and Privacy in Informatics, Computing and Engineering at Indiana University.

Hackers only need access to one account to do a world of harm, such as accessing other accounts, sharing intimate information and photographs, and posing as the account holder to defraud friends, family and colleagues of money, Professor Camp said.

Now, tech companies are gradually replacing an “it’s there if you want” strategy with mandates to enroll in 2FA or design techniques that strongly encourage it.

In 2018, Twitter began delivering pop-up messages inviting certain users, mostly with verified and election-related accounts, to configure the tool, five years after adding it as an option in settings. Twitter said it has evidence that prompts have increased adoption of 2FA, but declined to disclose how much.

Amazon.com Inc.’s smart-home company Ring announced last year that it was making 2FA mandatory for all users following criticism that customers’ home cameras could easily be viewed by others.

And last year, Meta began mandating 2FA for people who use its Business Manager tool to manage business pages and ad accounts. It also requires 2FA to sign up for a voluntary program that was first designed to protect political accounts ahead of the 2020 presidential election, and is now open to certain other high-profile users. For regular users, the company said it is rolling out a prompt to configure 2FA in Facebook’s security control feature and is investing to make it easier and faster to activate.

Companies are also developing a variety of verification tools to make the process more user-friendly. These include multi-factor authentication applications, such as Google Authenticator and Authy, which require users to verify their identity by pressing a button or entering a code from another device, and physical security keys that look like USB keys and plug into computers.

2FA systems that send verification codes via SMS are the most well-known to consumers, but are the most vulnerable to phishing attacks, according to security officials and academics.

Companies have been reluctant to mandate 2FA for fear of scaring people away.

Setting up 2FA means adding steps to the registration process for a service, and “more people will complete registration flows if there are fewer steps,” said Tracy Chou, Founder and CEO of Block Party, an application designed to filter unwanted messages and mentions on social networks.

Block Party requires users to set up a second verification method when they register, although that may mean fewer people register in the first place, Ms. Chou acknowledged.

Even Google in 2018 said it wouldn’t impose two-step verification over fears the additional hurdles would alienate users. The company has changed course for three reasons, according to Mr. Risher of Google: 2FA systems are now easier to use and more familiar to consumers, the use of smartphones or second devices is high, and widespread attacks are much more prevalent, visible and serious.

“Everyone, if they haven’t been hacked themselves, will have a close friend or family member who has been,” he said. “They now know the consequences, their imaginations have grown.”

Write to Katie Deighton at [email protected]

Copyright © 2021 Dow Jones & Company, Inc. All rights reserved.