Enabling two-factor authentication (2FA) on a Google account requires someone who is proactive about account security. Users need to log in, search the settings and check the appropriate boxes. Out of the billions of Google accounts out there, adoption of 2FA is probably not that high, and Google is tired of it.
Yesterday, ahead of “World Password Day,” Google announced a very bold move for account security. “Soon,” the company says, it will “auto-enroll” users into 2FA, provided their accounts are configured correctly. Google doesn’t go into detail about what “properly configured” means, but it sounds like anyone who can have 2FA enabled shall soon have 2FA enabled. Google’s preferred 2FA method is the “Google Prompt,” a notification that Google sends to your phone when you try to sign in. Instead of having to type a clumsy code, the Google Prompt offers a simple ‘yes/no’ check, making 2FA easier than ever.
On Android, Google Prompt is a full-screen pop-up built into every device as part of Google Play Services, so it’s easy. On iOS, Google prompt requests for your account can be received by the Google Search app, the Gmail app, or the dedicated Google Smart Lock app. It looks like everyone who meets these requirements will soon be enrolled in 2FA.
Most users stick with the default settings and soon the default for 2FA will be automatic enrollment. Users who aren’t tech savvy most likely don’t have 2FA enabled for their accounts, so hopefully they can still figure out how to log in when the process suddenly changes. Google may also be able to lock someone out of an account if the company automatically enrolls a user in 2FA and the user’s device configuration doesn’t really support it. Hopefully the first attempt will involve some sort of leeway or permission.