Google Is Making 2FA Mandatory and It’s Happening Before 2022

On October 5th, Google announced that it will make two-factor authentication (2FA), or two-step verification (2SV) as Google calls it, mandatory for over 150 million users.

In a blog post celebrating October’s Cyber Security Awareness Month, the company detailed its reasoning for the change and clarified how long the mandatory Google 2FA rollout will take.

Google says that it is “one of the most reliable ways to prevent unauthorized access to accounts and networks”, and it’s true! —2FA via SMS blocks 96% of bulk phishing attacks and 76% of targeted attacks, and 2FA via on-device prompts blocks 99% of bulk phishing attacks and 90% of targeted attacks. When looking at the statistics, it’s easy to see why Google wants as many people using 2SV as possible.

As for how long it’ll take to roll out mandatory 2FA to its users, Google says that by the end of 2021, it will have auto-enrolled 150 million of its users, as well as set up requirements for 2 million YouTube creators to turn it on, too.

What this means for you

Google understands that not everybody wants any of today’s 2FA options on their Google account, no matter the security benefits they offer, and that it’s “working on technologies that provide a convenient, secure authentication experience and reduce the reliance on passwords in the long-term”. Only time will tell exactly what “technologies” Google is referring to here…

It was also confirmed that only accounts with the proper backup mechanisms in place will be auto-enrolled in it. This means that if you don’t have a recovery email or phone number linked to your account, Google won’t be requiring you to set up 2FA. If you want to check whether you’ve got a sufficient backup mechanism configured, you can perform a quick Google Security Checkup.

On the fence?

Still not sure whether you should go along with what Google wants and enable 2FA on your account? Our advice is to definitely give it a go! The security benefits far outweigh the extra time it takes to log into your devices every now and again. And if you really don’t get on with it after a trial run, you can always disable it.

Want to read more about 2FA?

Then you’ll definitely want to check out these articles!

Risks of Not Using Multi-Factor Authentication (MFA)
What is Two-Factor Authentication and How Does It Work?