Google signs up 150 million people for two-factor authentication

In honor of Cybersecurity Awareness Month, Google intends to automatically enroll 150 million users in two-factor authentication. They will also force two million YouTube producers to use the security feature by the end of 2021. Using the second form of authentication when logging into your accounts significantly reduces the probability of an attacker obtaining access to your personal information, according to a blog post from Google.

Setting up two-step or two-factor authentication (also known as 2FA) is becoming more prevalent as a technique. It makes it more difficult for scammers and fraudsters to obtain control of your identity and accounts – and to show that you are who you say you are. This is because it necessitates a second activity, such as before banking online, to prove your identity.

Two-factor verification is frequently used in conjunction with a password manager. It generates and remembers complex passwords that are significantly more secure than a basic string of letters and digits like P4ssW0rd*. Using both will make your account more secure. While setting up two-factor authentication for each account may take some time, it's a straightforward process that's well worth the time.

We also recommend checking to see whether your account passwords are already on the dark web (and changing them), as well as seriously considering utilizing a password manager if you don't already (we no longer recommend LastPass, but Bitwarden is a good alternative).

What is two-factor authentication?

A sort of two-step authentication is the two-factor verification method (also known as two-step verification or multi-factor authentication). Throughout this post, I'll refer to it as two-factor authentication, or 2FA, for ease.

Consider two-factor authentication to be an additional layer of protection for your online accounts. If you don't have 2FA enabled on your account, all you have to do is enter your username and password. Two-factor authentication adds a step to the authentication process. You'll be prompted to enter your username and password first, followed by a one-time passcode (also known as an OTP), which is usually a six- to eight-digit number. You get the number through an app or a text message, and it changes every 30 to 60 seconds.

Only when you've input that code will you be given access to your account.

To get into your bank's online or email account, a criminal would need your login and password, as well as your phone number or physical access to your phone and your authenticator app of choice. However, there is one point to keep in mind.

Do not retrieve your codes by SMS to ensure the highest level of security. Instead, use an app.

When two-factor authentication became available on a range of websites and services for the first time, practically all of them needed you to submit a one-time password by SMS. While this method of obtaining codes is quick and straightforward, it is extremely risky due to SIM swap fraud.

When someone impersonates you and gets a representative from your wireless operator to replace the SIM card associated with your phone number, this is known as SIM switch fraud. Because all incoming calls and texts are now sent to someone else's phone, they may be able to get access to any of your internet accounts that have been compromised as a consequence of a data breach or attack.

Hacks like the recent T-Mobile leak, which exposed enough personal information for anybody to impersonate you when calling customer service, as well as PINs set by users as an added security measure, are compounding the problem.

Consider how quickly things may get out of hand if you use text messages to obtain 2FA codes from your bank, for example.

If at all feasible, keep your temporary codes in an authenticator tool like Google Authenticator or a password manager.

All of my account passwords, as well as my one-time passwords, are created and stored in a password manager. The app not only notifies me when a new service supports two-factor authentication, but it also copies and pastes the code when I'm checking in to an app or website. It makes the entire process of utilizing two-factor authentication straightforward.

Aside from being more secure, an app can display you the current code allocated to your account without requiring an active internet connection. That means you may use your code whether on the road or a plane-something you won't be able to do if you're receiving it by SMS.

Don't forget about the necessity of keeping your recovery codes safe.

When you set up two-factor authentication, you'll be asked to save a recovery code (or a series of recovery codes). COMPLETING THIS STEP IS VERY IMPORTANT.

You'll need that recovery code to get back into your account if you lose access to your two-factor authentication codes for any reason. Apple, for example, does not take this lightly. Without the code, your account, along with all of the data it contains, is essentially closed.

Assume you receive your 2FA codes by text messaging. Following a fantastic night out with friends, you realize that your phone has been stolen, along with access to your OTP codes. Unless you have a recovery code, the only way to access your bank account or carrier is with a one-time password.

As someone who has used a recovery code a few times, I can assure you that keeping your recovery code will save you time in the future.

I recommend storing any recovery information in a password manager and capturing a snapshot of the code to retain in a secure location. Even if it means printing it out and filing it.

Two-factor authentication instructions for major websites and services

Here are the links to the necessary account settings page for setting up 2FA, as well as the appropriate help page for prominent companies and websites. If a company's name isn't included here, I propose using two-factor in the query to find it (e.g. "Facebook two-factor").

  • Apple
  • Google (Click Get Started at the top of the page, log in to your account, and then follow the prompts.)
  • Facebook
  • Amazon (Go to Login & Security, click the Edit button next to Two-Step Verification and follow the instructions.)
  • Microsoft
  • PayPal
  • Instagram
  • Dropbox
  • LinkedIn
  • Slack (Sign in, click Expand next to two-factor authentication and select Set up two-factor authentication.)
  • Twitter
  • Snapchat

The website 2fa.directory is a searchable database. It provides direct connections to the proper assistance page for a variety of websites. You should also take extra precautions to safeguard your data. Here are some guidelines to help you avoid being a victim of SIM swap fraud.

It is well worth the effort to use two-step authentication.

True, two-factor authentication is inconvenient in several ways. Things, on the other hand, may go a lot worse. The most time-consuming element of the procedure is configuring it for all of your internet accounts that support it. After that, waiting for a code through text message or app becomes second nature, and you'll accept it as part of your daily routine.

We haven't met anyone who likes using two-factor authentication, especially on a connected Apple account. Because it sends a notification to every device you possess, we do it because it protects our personal and financial data. If someone acquired access to our accounts, they could quickly wreck our personal and professional lives. They put everything back together would take weeks, if not months.

Tags: , , , , , , , ,