Google will soon make two-factor authentication mandatory

2FA
(Image credit: Google)
Audio player loading…

In order to commemorate this year's World Password Day (opens in new tab), Google has announced that it will soon start automatically requiring two-factor authentication (2FA (opens in new tab)) for user accounts.

According to a new blog post from the search giant, passwords are the single biggest threat to your online security as they are easy to steal, hard to remember and managing them can be tedious. While many users try to come up with long and complicated passwords, this can also put their security at risk as they are more likely to reuse the same password (opens in new tab) across multiple online accounts. If one account is compromised, all of their accounts are then vulnerable.

This is why many users have begun to rely on password generators (opens in new tab) to create strong, complex passwords and password managers (opens in new tab) to store them securely online. Most modern browsers (opens in new tab), including Google Chrome, have password managers built in but if you're looking for additional security, you can always sign up for a paid service such as LastPass (opens in new tab).

Google's password manager is entirely free to use and one of the best things about it is the fact that its integrated into the company's single-click Security Checkup (opens in new tab) which can tell you if any of your passwords have been compromised or involved in a data breach.

Two-step verification

One of the best ways to protect your online accounts is to have a second form of verification in place as this allows them to confirm that it is really you trying to log in. 

Google has been doing this for years by asking users to enroll in two-step verification (2SV (opens in new tab)) to confirm it's really them by tapping on a prompt on their smartphone whenever they sign in. However, soon the company will begin automatically enrolling users in 2SV if their accounts are properly configured.

At the same time though, Google is also building advanced security technologies into devices to make its multi-factor authentication seamless and even more secure than a password. For instance, the company has build security keys (opens in new tab) directly into Android devices and brought its Google Smart Lock app to iOS to allow users to use their phones as a secondary form of authentication.

Director of product management, identity and user security at Google, Mark Risher explained in a blog post (opens in new tab) that until we move to a passwordless future (opens in new tab), the company will continue its work to keep its users' passwords safe, saying:

“One day, we hope stolen passwords will be a thing of the past, because passwords will be a thing of the past, but until then Google will continue to keep you and your passwords safe.”

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.