If you use Google services, be prepared for two-factor authentication to become the norm.
Google wants to get more Gmail and Google Account users to turn on two-step verification, an extra level of security that helps protect people whose credentials have been stolen with phishing or exposed in a data breach. . May 6 is "World Password Day", the main purpose of which is to make people less dependent on passwords to secure their online accounts. Google's contribution this year is to get more people to turn on two-factor authentication, also known as "two-factor authentication."
For now, Google is only pushing Gmail's two billion users to enable two-factor authentication. But soon, this option will be enabled by default.
Double authentication by default
“Soon we will start to automatically enable two-factor authentication for our users if their accounts are set up appropriately. (You can check the status of your account in the Security Check-up),” notes Mark Risher, director of product management at Google's Identity and User Security group, in a blog post.
“You might not realize it, but passwords are the biggest threat to your online security - they're easy to steal, hard to remember, and tedious to manage,” he adds.
This second factor, whether it's a security key or a Smartphone, means that someone with your username and password - in most cases - can't not log into your account unless you have physical access to your device.
Put an end to passwords
Google has refined its processes over the years to make two-factor authentication easier to use, but it can still be complicated when you change your mobile phone number. Today, after logging in using a username and password, users who have signed up for the program receive a code by SMS, voice call or through the app Google.
The other option is to use a security key like the Google Titan key. Google has also integrated its security keys into Android phones, and last year it provided the same capability for iPhones, through its Smart Lock app for iOS. “Using a mobile device to log in gives people a more secure authentication experience than passwords alone,” says Mark Risher.
In 99.9% of cases, compromised accounts did not use multi-factor authentication
Sadly, passwords are still commonplace, 17 years after Microsoft co-founder Bill Gates predicted they would one day disappear.
Since then, the world has only seen a proliferation of new combinations of usernames and passwords, but two-factor authentication is more widely adopted and supported in online consumer services and across the board businesses. Multi-factor authentication works. According to Microsoft, 99.9% of the compromised accounts it tracks each month were not using multi-factor authentication.
Microsoft has also done its part by tackling outdated password policies, which lead people to choose bad passwords. Two years ago, Microsoft changed a Windows 10 security recommendation that until then recommended that business users change their passwords every few months. "Periodic password expiration is an old and obsolete measure with a very low value," Microsoft explained at the time.
Google's other password tool is Chrome's built-in password manager. Apple offers the same function in its Safari browser. Mark Risher also draws attention to an experimental feature in Chrome called "import passwords", recently spotted by The Verge. It allows users to import passwords from a CSV file.