One of the main problems is the lack of understanding by users of the benefits of additional authorization procedures.
It turns out that even a small nudge toward security best practices significantly reduces the number of hacked accounts. According to Google, four months after it began enabling two-factor authentication (2-Step Verification, 2SV) by default, the number of hacks has decreased by half.
In October 2021, the company announced its intention to turn on two-factor authentication by default for the 150 million Google users who previously did not use it, and also required 2 million YouTube content creators to turn it on. According to the company, since then, the number of account hacks in the test group has decreased by 50%.
The strategy demonstrates the ability of tech giants like Google to provide security by default and fits into a multi-year project to transition users to a stronger security model aimed at a password-free future.
Two-factor authentication is the main pillar of this strategy, as account security is greatly enhanced by a physical element such as a security key or a phone that receives codes via an app or SMS. But the catch has always been the reluctance of users to switch to this physical element.
In 2018, when a Google engineer reported that over 90% of active Gmail users weren’t using two-factor authentication, the question was why Google would not make it mandatory. Since then, the company has been working to make two-factor authentication the default option for more users and mandatory for some.
According to Google representatives, one of the main obstacles so far is the lack of understanding by users of all the benefits of additional authorization procedures.
“If we want users to understand what it is and what the benefits are, there is still a lot of educational work to be done. We also need to make sure that the accounts are set up correctly, with a recovery email and phone number, so that after enabling two-factor authentication, the user does not lose access to their account. We have already implemented two-factor authentication for select users whose accounts are ready for this,” said Guemmy Kim, director of Google account security.