Google will enable two-step verification by default on 150 million accounts before year’s end

We are now in Cybersecurity Awareness Month as Google points out in a new blog post, and as the search giant says, “For most of us, passwords are the first line of defense for our digital lives. However, managing a set of strong passwords isn’t always convenient, which leads many people to look for shortcuts (i.e. dog’s name + birthday) or to neglect password best practices altogether, which opens them up to online risks. At Google, we protect our users with products that are secure by default – it’s how we keep more people safe online than anyone else in the world.”

Google wants to improve password security by adding two-step verification (2SV) by default on Google accounts

One of the best things that a smartphone user can use to protect his privacy is two-factor authentication (2FA), or as Google calls it, two-step verification (2SV). This adds another layer of security when logging in to an app. With 2FA/2SV, when entering the password to open an app you will receive a text message on your personal device with a unique one-time code that you type in to verify your identity and open the app.

As Google points out in the blog, adding that additional layer of authentication sharply reduces the chances that a hacker can break into an account. Google says that two-step verification is “one of the most reliable ways to prevent unauthorized access to accounts and networks.” It combines something you know, such as a password, with something you have such as your phone or a security key.

Google has made signing in using 2SV as seamless as possible by offering a prompt that requires a single tap to prove that you are who you say you are. Google states that the best way to keep its users safe is to turn on its security protections by default. As a result, it has started to automatically make its users’ accounts more secure and before the end of this year, it will auto-enroll an additional 150 million Google users in 2SV while requiring 2 million YouTube creators to enable 2SV.

The Alphabet subsidiary admits that 2SV is not for everyone and it is working on developing technology that reduces the reliance on passwords in the long term. At the same time, the company is always seeking to improve the experience of having your identity authenticated. At this moment, Google is auto-enrolling accounts that have the “proper backup mechanisms in place to make a seamless transition to 2SV.”

Back in 2018, Google said that only 10% of its accounts were using 2FA or 2SV. By the end of this year, that percentage will be much higher. And Google is also partnering with certain organizations to hand out over 10,000 security keys to high-risk users. Google has baked the capabilities of security keys directly into Android and offers iPhone users its Google Smart Lock app.
Google says that every day it checks the security of 1 billion passwords to make sure that accounts are not getting hacked. This is done using the built-in password manager on Chrome, Android, and the Google app. The password manager is also available on iOS. With iOS, Chrome can autofill saved passwords when logging in to other apps thus allowing iOS users to use just one single tap to log in on a site (instead of having to remember and type in a password).

Why wait for Google when it is easy for Android and iOS users to enable 2SV and 2FA on their phones

Soon, iOS users will be able to use Chrome’s password generator on any iOS app in the same manner that Android users employ Autofill with Google. Also being rolled out is a feature that will allow users to access all of the passwords saved in the password manager from the menu of the Google app.

If you want to turn on 2SV or 2FA on your Android device and turn on the built-in security key, you must have a phone running Android 7 or higher. From the browser of your Android phone go to Under the heading of Signing into Google select two-step verification. Scroll to Set up alternative second step and tap Add security key. Select your Android phone and then Add. A confirmation that your phone was added as a security key will be sent.

To turn on two-factor authentication on iOS, follow these steps:

Open Settings on your iPhone.
Tap the Apple ID banner at the top of the display.
Tap Password & Security.
Tap Turn On Two-Factor Authentication.
Tap Continue.
Tap Continue.
Enter your iPhone’s passcode.
Tap Done.