Google's announced some changes to how it's helping millions of its users stay safe and secure. The biggest of those changes is that it plans to auto-enrol its users in to two-step verification, or 2SV.
2SV adds an extra layer when logging into your account and the additional step happens after you've entered your password. For Google users, it involves just tapping a notification on their phone to confirm it's them. It's simple, and it dramatically decreases the chance of someone else accessing an account.
AbdelKarim Mardini, Group Product Manager for Chrome, and Guemmy Kim, Director of Account Security and Safety, wrote in a blog post:
2SV has been core to Google’s own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove it’s really you trying to sign in. And because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users’ accounts into a more secure state.
By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require 2 million YouTube creators to turn it on.
It's been a long time coming—Google announced its intentions to auto-enrol users into 2SV back in May. Then, in August, Google's official YouTube Twitter account told content creators they will have to enable their 2SV in order to log in.
For those who, for some reason, cannot use the 2SV option, Google says it's "working on technologies that provide a convenient, secure authentication experience and reduce the reliance on passwords in the long-term."
Google has a handy Security Checkup that's worth going through, to make sure your account is as secure as it can be, and ready for 2SV.
Lastly, Google has shared other methods of securing accounts, such as building security keys in Android devices; creating the Google Smart Lock App for Apple users; creating the Titan Security Key, a 2SV physical key; and creating the Google Identity Service, a way to verify identities using tokens instead of passwords.