BOOK AN APPOINTMENT WITH AN IT SPECIALIST TODAY

Google Mulling Mandatory Two-Factor Authentication For All Users

Google Mulling Mandatory Two-Factor Authentication For All Users

Google plans to bolster the security of user accounts by making two-factor authentication (2FA) mandatory. This approach ensures that all user accounts require two-factor authentication by default. 2FA enhances cybersecurity by providing an additional defense barrier.

The tech giant kickstarted the process of introducing 2FA by testing the system with the help of users who already activated the feature. During the tests, Google will check the interaction between its apps and users’ smartphone prompts. Once the tests are complete, the company will automatically enroll all users into 2FA.

The implementation of mandatory two-factor will depend on insights from the testing phase. For this reason, Google plans to request users’ input to make the entire login process seamless, easier, and secure. It seeks to understand how users feel about the impending changes and consider users’ suggestions.

Google’s Mark Risher noted that the testing phase involves users who are less likely to find the change disruptive. The company intends to expand the two-factor authentication based on its findings from the test phase.

Risher, the director of product management for identity and user security, confirmed that many people previously viewed 2FA as challenging and tedious.

Many tech companies were apprehensive about implementing multifactor authentication, fearing the measure would discourage new signups. Thankfully, the situation has changed significantly, allowing most users to adopt the new security measure.

Google two Factor

Improved Security

Google is pushing towards a future without passwords as it views them as a weak link in the cyber defense ecosystem. The tech giant recently announced that up to 66 percent of US citizens still rely on the same password to access multiple websites and apps.

In doing so, users undermine account security. Cybercriminals buy and sell stolen login credentials on the dark web, allowing bad actors to gain illegitimate access to user accounts across multiple sites, including Google services like Gmail.

Google urges users to configure account security according to the recommended standards. Adhering to the minimum security requirements is a surefire way to mitigate risks posed by cyber-attacks.

With mandatory two-factor authentication, the system verifies the identity of users by dispatching codes via smartphones. These prompts become standard for all attempted logins into Google accounts. 2FA drastically reduces illegitimate access to user accounts. Identity verification via mobile device is undoubtedly a more convenient and safer authentication method.

Experts recommend using on-phone alerts than SMS messages because bad actors can intercept text messages.

Expanding Two-Step Verification Options

By making 2FA mandatory, Google demonstrates its commitment to implement the best security measures for all users. On the other hand, the company realizes the need to provide a wide selection of two-step authentication options. Doing so helps meet different users’ needs based on the accessibility of specific technologies.

According to Risher, Google is working tirelessly to ensure an equitable authentication experience. The company aims to achieve equal access by developing suitable authentication technologies. In the end, Google aims to eliminate the reliance on passwords.

Increased Adoption

Once Google makes 2FA mandatory, it hopes to influence the wider adoption of two-factor as a baseline standard for login authentication. The wider tech industry usually follows in Google’s footsteps. The tech giant continues to play a prominent role in web security transitions.

In the past, Google steered the tech industry towards sandboxing, auto-updates, and ubiquitous HTTPS encryption. When it comes to multifactor authentication, Google joins notable tech companies like Apple in introducing the security solution. In recent years, Apple started actively promoting the feature to its users.

Industry experts have praised recent efforts by leading companies to eliminate the reliance on simple credentials. These changes are highly beneficial to all account users. Financial institutions and healthcare organizations are increasingly adopting security measures that make two-factor authentication compulsory.

Increased cyber-attacks necessitate a radical shift in account security. The entire tech industry needs to complement each other’s efforts to maximize adoption levels.

Cybercriminals find it easier to compromise account security by stealing users’ passwords. Using the same password for several platforms allows bad actors to gain illegitimate access to more than one site. It is no surprise that Google considers the continued use of simple credentials like passwords as the biggest threat to cybersecurity.

More Like This

AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control

Original release date: May 18, 2022 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager …

AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control Read More »

Read More

AA22-138A: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388

Original release date: May 18, 2022 Summary Actions for administrators to take today: • Do not expose management interfaces to the internet. • Enforce multi-factor authentication. • Consider using CISA’s Cyber Hygiene Services. The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory …

AA22-138A: Threat Actors Exploiting F5 BIG-IP CVE-2022-1388 Read More »

Read More

AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access

Original release date: May 17, 2022 Summary Best Practices to Protect Your Systems: • Control access. • Harden Credentials. • Establish centralized log management. • Use antivirus solutions. • Employ detection tools. • Operate services exposed on internet-accessible hosts with secure configurations. • Keep software updated. Cyber actors routinely exploit poor security configurations (either misconfigured …

AA22-137A: Weak Security Controls and Practices Routinely Exploited for Initial Access Read More »

Read More

157-Year-Old Lincoln College Succumbed To A Ransomware Attack

157-Year-Old Lincoln College Succumbed To A Ransomware Attack On May 13th, 2022, a college that has remained open through two world wars, the 1918 Spanish flu epidemic, and the Great Depression will close its doors. The college has been struggling to stay afloat in recent years, and the coronavirus pandemic and a recent ransomware attack …

157-Year-Old Lincoln College Succumbed To A Ransomware Attack Read More »

Read More

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers

Original release date: May 11, 2022 Summary Tactical actions for MSPs and their customers to take today: • Identify and disable accounts that are no longer in use. • Enforce MFA on MSP accounts that access the customer environment and monitor for unexplained failed authentication. • Ensure MSP-customer contracts transparently identify ownership of ICT security …

AA22-131A: Protecting Against Cyber Threats to Managed Service Providers and their Customers Read More »

Read More

Zero Trust Networks: What Are They?

Zero Trust Networks: What Are They? The internet has brought a world of opportunity for businesses. It is easy for companies to reach out to consumers and offer them products or services without a physical storefront. However, this also opens businesses up to the risk of data breaches and cyber attacks. Cyber attacks can be …

Zero Trust Networks: What Are They? Read More »

Read More