Skip to main content

Google is finally trying to kill passwords — here's how

Google Authenticator
(Image credit: Shutterstock)

Google will soon make two-factor authentication (2FA) mandatory for all Google accounts. 

From May 10, Google will ask people who have enrolled in two-step verification (2SV) (the abbreviation Google uses) to confirm it's really them with just a tap of a Google prompt on their phone. 

"Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured," added Mark Risher, director of Product Management, Identity and User Security at Google. 

Many security experts agree 2FA is a vital piece of online security, adding a much-needed layer of protection to weak passwords. With Google now set to make 2FA mandatory, it’s a clear signal that the tech firm sees a future with fewer passwords.

Despite our users' best intentions, the sheer number of online accounts we have means the strongest passwords are vulnerable because they’re often recycled between different logins. That’s something that Google sees as a big problem and one which it hopes to fix by enrolling people in mandatory 2FA.

Of course, Google already uses 2FA to bolster users’ account security, though it’s not compulsory. With 2FA, users get an extra layer of security, one that relies on Google’s Authenticator app or Google's push notifications to confirm your login on a separate device tied to you, like your phone.

Signing in safely 

Google 2FA

(Image credit: Google)

So, what does "appropriately configured" actually mean in relation to Google accounts? Well, it refers to a bunch of settings that can be verified over at Google's Security Checkup page. 

In short, the term applies to accounts that have recovery information added, such as a phone number, a secondary email or an iPhone or Android phone set up to receive Google push notifications. Security Checkup communicates whether 2FA is enabled on an account — and is an easy way for users to tell whether it's activated on their account. 

Additional security layers shouldn't come at the expense of usability, though. Making multi-factor authentication even more secure than a password shouldn't sacrifice a seamless user experience, says Google, with security keys directly built into the best Android phones, plus integrated with its Google Smart Lock app for iOS. 

Password safety everywhere you go 

Google Password

(Image credit: Google)

Password breaches are now so commonplace that Google's move to make 2FA mandatory perhaps seems overdue.

Regardless, strong passwords still remain important alongside 2FA. Google's Password Manager, baked into Android, Chrome and now iOS, helps create more robust passwords, synchronizing them across your favorite apps and sites. 

This reduces the time needed to come up with complex alphanumeric passwords and then remember them. Google does the hard work for you, even automatically populating sites' login forms to save you the hassle. 

And if you're concerned about moving existing passwords, the company's password import feature eases the process of funneling your passwords from various third-party sites into Google's Password Manager. 

With the ubiquity of password-pinching malware, there's no doubt that a move towards 2FA is a necessary step in the right direction. Google enforcing 2FA as a mandatory part of its service should steer the mainstream towards better personal security hygiene. 

More: Some people get more phishing emails than others — here's why