Your Google accounts will soon default to 'two-step verification'
Yet year after year, we see that the most common passwords continue to be easy-to-guess strings like 123456, 123456789, password, or 111111.
Having one's email compromised is one thing, but if the same credentials are used for other sites like a bank, the consequences could be devastating.
They can usually verify their identity either by entering a random six-digit code in the message or by tapping an "accept," "allow," or "okay" button.
Google calls it 2SV (two-step verification) and has had it optionally available for quite some time. There is no arguing that 2FA is more secure than a password alone, but many users may not want to use it for various reasons.
Arguably the most significant reluctance factor is that it requires them to entrust their phone number to a company known for selling personal information to advertisers.
"More factors mean stronger protection, but we need to ensure users don't get accidentally locked out of their accounts," Risher told PCWorld.
"That's why we're starting with the users for whom it'll be the least disruptive change and plan to expand from there based on results."
Two-factor authentication by default is just the first step Google is taking to eliminate passwords completely.
"One day, we hope stolen passwords will be a thing of the past because passwords will be a thing of the past," said Google without expounding on what replacements it has in mind.