Google announced that it’s going to be implementing two-factor authentication (2FA) for large swathes of users, according to a Wednesday (Nov. 3) report by Ars Technica.
The process has already started, and some users have already been enrolled in the system, after the tech giant said last month it would be auto-enrolling 150 million Google accounts in 2FA by the end of the year, according to the report.
While Google has more than 150 million accounts, the company said it’s only auto-enrolling those which have the right backup mechanisms in place, including a recovery email or a recovery phone number that can receive SMS codes, per the report.
2FA requires users to input some other type of information in addition to a password. Usually, that constitutes a code or a confirmation prompt from a smartphone, but it can also be accomplished by using a physical security key, like a USB stick, the report stated.
On Google’s support page, it said accounts flagged for 2FA will get an email a week or so before the 2FA is enforced, but it added that 2FA will eventually be required for most Google accounts, according to the report. However, organizations with paid Google Workspace accounts don’t have to get 2FA, although admins can decide to opt-in.
Meanwhile, YouTube made 2FA a requirement for “partner” level creators, meaning those with revenue sharing, as of Monday (Nov. 1).
Last month, Google debuted a new Chrome version, which has 19 security updates, along with a secure payment confirmation option through WebAuthn.
The payment authentication feature will add a new payment extension for WebAuthn, giving entities the option to make a PublicKeyCredential that retailers can ask about for an online checkout process.
Google said the feature “enables a consistent, low friction, strong authentication experience” and noted that strong authentication with a bank is becoming more of a necessity for online payments in several regions, including the European Union.