Two-factor authentication for Gmail to take effect next
Google is about to take a pretty significant step that will help keep user accounts more secure.
In May, the company announced that it would start automatically requiring users to adopt two-step verification as a security precaution when they sign into services such as Gmail.
On Thursday the company wrote in a blog post that next week it start enrolling customers in two-factor authentication (or “two-step verification,” as Google calls it) if their accounts are “appropriately configured.”
Google advises customers to go through the company’s quick security checkup to ensure their settings and account protections are where they should be.
Here’s what you need to know.
What is two-step verification?
Passwords, no matter how strong, may not actually be the best way to keep online accounts secure. Two-step verification, sometimes referred to as two-step authentication, reduces the chances of hackers or other outsiders gaining unauthorized access to your information. This usually means adding an extra security step to log in, like a code sent to your phone via text or a voice call, or a code generated by a Google Authenticator, that users must enter in addition to their usual password.
Why is this happening now?
Google has been encouraging its users to enroll in two-step verification for the past few years. The company has also moved to reduce the need for its users to enter passwords and pushed the use of secure tokens, which instead allow users to sign in to partner websites and apps with a single tap. In addition to the 150 million user accounts Google will automatically enroll in two-step verification this year, creators on sister service YouTube started using it on November 1 to access their channels. Google expects that all of its users will eventually be required to login using two-step verification.
What’s going to change for me?
You can check whether you’re already enrolled in two-step verification through Google’s Security Checkup. If you’re not, it’s likely you will be eventually. Users who regularly sign in to their account, use Google products on their mobile devices, and who have recovery information on their accounts, like a recovery phone number or email, will be among the first to be automatically enrolled.
Once enabled, they’ll receive a prompt on their smartphone to verify that an attempted login with their Google account is legitimate. “Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone,” said Google’s senior director of product management, Mark Risher.
But if you’re annoyed by the idea of signing in twice, don’t worry. After setting up two-step verification on your computer, you can choose not to use it again on that particular device, and go back to using just your password when you sign in. It’s only when someone else tries to sign in to your account from another computer that users will still have to go through the two-step verification process.