Let’s admit it. Most people either have an easy-to-guess password or keep using the same slightly complex password for a long time – both of which is essentially an open invitation for malicious parties to target your account. Two-factor authentication (or two-step verification) is the easiest way to avoid a security mishap, and Google is going all-in on that. Today, the company has announced that it will soon automatically enable two-factor authentication for accounts that are ‘appropriately configured.’
Currently, if you have a device registered to your Google account, you will receive an authentication prompt on it every time you try to sign in. However, this second step can also include receiving a call or text message for verification, a backup code, a verification code generated by Google Authenticator, or even a physical security key. Google already lets you use your compatible Android phone or iPhone (via the Google Smart Lock app for iOS) as a physical security key as well.
The goal is to add another layer of security, ensuring that even if your password has been compromised, the final key to accessing your Google Account is with you. Google says that it is trying to make the two-factor authentication process even more seamless to make it more secure than a simple alphanumeric password. If you’ve not enabled two-factor authentication for your account, we highly recommend that you do so. Just follow these steps:
And if you want to go a step further, you should invest in a physical security key. You can choose from brands like Yubico (the most trusted name in the domain), Solo, and Feitian. If I were to pick one, I’d go with the Yubico YubiKey 5Ci, as it features both a USB Type-C and a lightning port so that you can use it with Android devices as well as iPhones.