Google enforces two-factor authentication for everyone

Google recently turned on two-factor authentication for 150 million users. 

In November 2021, Google  started automatically enabling two-factor authentication for 150 million Google accounts. The company says it has been done to  improve the security of the user accounts. 

Google users should know why this security system is necessary for users. But there are many questions in users’ minds. They want to know how this security system will be implemented. How can they activate and deactivate it?

What is two-factor authentication?

Two-factor authentication is intended to make logging into a service more secure. As the name suggests, you enter two different factors when you log in. Your accounts with online services are more secure because data thieves would need a second offline factor in addition to your password in order to be able to access your data. This system is anything but new: When paying with a debit or credit card in a shop, for example, you have always needed two factors – knowing your PIN and having a bank card.

But a password or PIN is usually also required online. So in order for you to be able to log in, you need to know about a secret. Countless records with stolen login data unfortunately show that passwords are not always secret. Therefore, the first factor is supplemented by a second.

In order to confirm the second factor when registering, you must have a specific item that can confirm the registration. In many cases, all you need is your smartphone, which you register once for use with two-factor authentication. Alternatively, you can confirm the login via biometrics, i.e. using your fingerprint or face. You can do this, for example, with a scanner on your smartphone. Even if your login details for a website are stolen, the attackers will not be able to log into your account because they do not have the necessary item or biometric data.

In practice, two-factor authentications have long been cumbersome and not very user-friendly. That has changed in recent years, however, as you can now simply use your smartphone as a second factor. After you have stored this one-time as an authorized device with the service, you will receive one-time passwords (also known as TAN) directly on your mobile phone when you register. You enter the one-time password when you log in and confirm to the service that you are the actual owner of your account.

In the past, SMS was mostly used to transmit one-time passwords. However, this was unsafe as text messages can be intercepted with a little criminal energy. This is why providers have recently been relying more and more on authentication apps, such as the Google Authenticator . These generate the one-time passwords locally on the smartphone using a specific key. There are also a number of alternative authentication methods: You can confirm a login to your Google account in the web browser using a PIN that you receive via a push notification from the Google app on your smartphone.

With many services, you can choose yourself which method you use as the second factor. We will introduce you to all of the two-factor authentication methods that Google supports further down in this FAQ.

Why is two-factor authentication fundamentally important?

Data leaks, in which large amounts of passwords are stolen, are becoming more common. Often the question is not whether data is stolen from an online service, but when . In April 2021, for example, data from hundreds of millions of Facebook users was freely available on the Internet . At the same time, online services are becoming more and more important to users. Regardless of whether a service has your personal address on file, private photos are stored in the cloud or your online banking access is concerned: With some services you should be able to trust that hackers will not be able to access them.

Activated two-factor authentication prevents exactly that. Simply possessing your password is no longer enough for hackers to log into one of your accounts. At the same time, two-factor authentication with authentication apps is now convenient and uncomplicated for users. In this way, you can effectively protect yourself against hackers without having to make too big compromises in the use of the services.

Why does Google want two-factor authentication for everyone?

According to its own information, Google has been trying to establish two-factor authentication for years. The system is the most reliable method of securing access to online services. Access to personal data in particular should be protected, for example on Gmail, Google Drive or the YouTube account. Therefore, Google announced in May 2021 that it would automatically activate two-factor authentication for around 150 million Google users . The move was carried out at the beginning of November.

In order not to make the change too abrupt, Google has not activated two-factor authentication directly for all users. Before the activation, all accounts affected by the change were informed by email. If you have not yet received a notification from Google, two-factor authentication will not be activated for your account for the time being.

Everyone for whom Google has activated two-factor authentication can now authenticate themselves with one of the following factors in addition to their login data when logging in:

• Entry of a one-time password (TAN), which is sent via SMS
• Entering a one-time password from an authentication app
• Confirmation of a push notification issued by the Google app on the smartphone when registering
• Entering a special security key that is stored in the smartphone
• Entering a backup code if other ways do not work

Can I still sign in to Google without two-factor authentication?

If you don’t want to use two-factor authentication with your Google account, you can easily deactivate it again. To do this, proceed as follows:

1. Open the security check area in your account overview at myaccount.google.com/security-checkup . To open the page, you may have to log in with your login data and two-factor authentication.
2. Click the Two-Step Confirmation section . Here, click the “ Two-Step Confirmation Setting ” link .
3. Now go to ” Deactivate ” above and the two-factor authentication will be switched off.

As long as there is no good reason to the contrary, we recommend, however, that you leave the two-factor authentication activated. This significantly increases the security of your Google account and protects your data in Google Drive, Gmail or Google Photos more effectively.

How do I activate two-factor authentication on Google?

You can activate two-factor authentication with Google very easily and simply. To do this, follow the brief instructions below or take a look at the step-by-step instructions with screenshots in this tip .

1. To set up two-factor authentication, visit this Google two-factor authentication page: myaccount.google.com/signinoptions/two-step-verification/enroll-welcome . Log in and click ” Start Now “.
2. Now enter your phone number and choose whether you want to receive the code via SMS or phone call . Then go to ” Next “.
3. Enter the code you received by SMS or phone call into the field and click on ” Next “.
4. Finally, confirm the two-factor authentication with ” Activate “.

The two-factor authentication is now always activated. You can now add an authentication app like the Google Authenticator. You will also find brief instructions and step-by-step instructions with screenshots at this link below .

1. Download the Google Authenticator App from the Google PlayStore or the Apple App Store .
2. Allow camera access , open the Google Authenticator app and tap ” Start “.
3. Select ” Scan Barcode “. If the scan does not work, tap on ” Enter key ” and continue with step 6 .
4. On your computer, go to the “two-step verification” website for your Google account at myaccount.google.com/security-checkup . Scroll down a little to the ” Replacement Options “. In the Authenticator app, click on ” Set up “.
5. Select your smartphone type and click ” Next “.
6. Pick up your smartphone again and use the app to scan the barcode in the browser window. After scanning, click ” Next “.
7. If the scan doesn’t work, tap ” You can’t scan it ” and ” Next “. You will now be shown a key , enter it in the Authenticator app .
8. A number code will now appear in the app . Tap ” Add Account ” to permanently add it to the app.
9. Back at the computer, you can now enter the number code from the app into the browser window. Click on ” Confirm “.
10. If the code is correct, a window with ” Done ” appears. Click on it and the app setup for authentication is complete.

What is the Google Authenticator?

The Google Authenticator is an authentication app for the smartphone. It generates a one-time password that you enter together with your password when you log on to a service. This confirms to the service that you not only know the password, but also have your smartphone – the login is protected with two-factor authentication.

The authenticator can not only secure the login to your Google account. The two-factor system is standardized so that you can also use the app to log into other services at the same time: for example with your Microsoft account, your e-mail inbox or your Amazon login.

In the Google Authenticator, the one-time passwords for several accounts can be retrieved at the same time.

Google Authenticator is probably the best-known and most widely used app for two-factor authentication. But there are also a number of alternatives, all of which work on roughly the same principle. They usually just look a little different and in some cases have a few additional functions – the Microsoft Authenticator , for example, has a built-in password manager.