Google’s Mandatory 2FA Shows the Power of Default Settings GA S REGULAR Menu Lifewire Tech for Humans Newsletter! Search Close GO News > Internet & Security

Google’s Mandatory 2FA Shows the Power of Default Settings

Better security for all, whether you like it or not

By Charlie Sorrel Charlie Sorrel Senior Tech Reporter Charlie Sorrel has been writing about technology, and its effects on society and the planet, for 13 years. lifewire's editorial guidelines Published on October 7, 2021 03:28PM EDT Fact checked by Rich Scherr Fact checked by Rich Scherr University of Maryland Baltimore County Rich Scherr is a seasoned technology and financial journalist who spent nearly two decades as the editor of Potomac and Bay Area Tech Wire. lifewire's fact checking process Tweet Share Email Tweet Share Email Internet & Security Mobile Phones Internet & Security Computers & Tablets Smart Life Home Theater & Entertainment Software & Apps Social Media Streaming Gaming

Key Takeaways

Google is enabling two-factor security for 150 million users this year.Defaults are important, because we rarely bother to change them.You won’t believe how much Google pays Apple to be Safari’s default search engine.
Google Google is about to make the internet a more secure place—by default. Two-factor authentication (2FA) adds a huge layer of safety to your logins, but only if it’s switched on. By the end of 2021, Google plans to switch over 150 million Google users, and force 2 million YouTubers to enable the setting. 2FA has been available through Google for years, but in 2018, only 10% of accounts were using it. People just don’t seem to bother with anything that isn’t on by default. Google’s rival, Apple, knows this, which is why it has been aggressive in opting users into new security and privacy features automatically. "As Google found when they enforced two-factor auth for their own employees and high-value targets, account compromises via phishing effectively evaporate when two- factor authentication is enabled," Bobby DeSimone, the founder and CEO of Pomerium, a security service that also enforces two-factor authentication, told Lifewire via email. "Google’s enabling two-factor authentication by default is a laudable step forward in spreading that success to Gmail users at large. In particular, the default encourages the use of even stronger two-factor methods like device keys."

What Is 2FA

Two-factor authentication (2FA), aka two-step verification (2SV) or One Time Passwords (OTP), is an additional authentication method when you sign in to an account. You’ve almost certainly used it already. After providing your password, the site asks for a temporary code that comes via SMS, or is generated in an app like Google’s Authenticator, 1Password, Authy, and more. This code is good for one use only, and expires after a short period. Google The problem is, it’s usually provided as an optional extra, which means most people don’t bother to switch it on. After all, if you’re happy using your dog’s birthday as the password for all your accounts, then why would you care about this? By forcing 2FA onto its users, Google is seriously upgrading their security. And it won’t even be too much of a chore to use. Google’s implementation requires just one additional tap to use—no copying and pasting of numerical codes needed. "2SV has been core to Google’s own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove it’s really you trying to sign in," wrote Google’s AbdelKarim Mardini and Guemmy Kim in a blog post.

The Power of Defaults

We rarely bother to change the default settings. Even so-called power-users leave a lot of settings alone. If a photo-editing app exports JPGs, then we use JPGs. After all, whoever made the app probably knows more about that than us, right? How about when Wi-Fi routers came open, without a password? You could enable a password, but who bothered? Google "The vast majority of security issues come not from systems, or technology, but behavior. And we know from Nobel-prize winning economics research how powerful defaults are in "nudging" people’s behavior," says DeSimone. "We are happy to see companies like Google and Apple 'nudge' their customers to use stronger methods of authentication." Recently, Apple has added all kinds of privacy features in iOS 14 and iOS 15, and many of these came switched on by default. App Tracking Transparency, for example, enables iPhone and iPad users to block apps from tracking them on the internet. While these apps are not blocked by default, the blocking framework is enabled, meaning every time an app wants to track you, it has to ask. And of course, most users will refuse. Google’s enabling two-factor authentication by default is a laudable step forward in spreading that success to Gmail users at large. Another illustration of the power of defaults is Google Search. Almost nobody changes the search engine in their browser, although it has been easy to do for a while. This default is so valuable that Google pays Apple an estimated $15 billion a year, just to remain the default search in Safari. If that doesn’t show how powerful defaults are, I don’t know what does. Was this page helpful? Thanks for letting us know! Get the Latest Tech News Delivered Every Day Subscribe Tell us why! Other Not enough details Hard to understand Submit More from Lifewire How to Control iPhone Safari Settings and Security How to Turn on Two-Factor Authentication on Facebook How to Use Two Step Verification (2FA) in WhatsApp The 10 Best Password Managers of 2022 How to Run a Google Security Checkup How to Make Google Your Default Search Engine Microsoft Edge vs. Google Chrome How to Turn off Two-Factor Authentication on Apple Devices The 4 Best Slack Security Tips to Keep Your Team Chats Safe Protecting Your Yahoo Mail With 2-Step Authentication The Top 10 Internet Browsers for 2022 10 Popular Accounts That Should Have Two-Factor Authentication Enabled How to Use the Microsoft Authenticator App How to Secure Your Gmail With Two-Step Authentication The 5 Best Secure Email Services for 2022 How to Set up Google Authenticator Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up Newsletter Sign Up By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. Cookies Settings Accept All Cookies