Few Gmail Users Enable Two-Factor Authentication

Few Gmail Users Enable Two-Factor Authentication

Cybersecurity is an ongoing problem, with critical flaws and weaknesses ranging from ongoing research into how best to break fundamental aspects of CPU architectures to users perennial terrible choice of passwords. All in all, it’s not a cheerful situation, and new data from Google doesn’t exactly improve things.

In a presentation at Usenix’s Enigma 2018 security conference, Google engineer Grzegorz Milka revealed that less than 10 percent of Gmail users have two-factor authentication enabled and just 12 percent have a password manager installed on their browsers. Given the high-profile security failures of password managers, including LastPass, I can’t exactly blame people for not using them — it’s not as if they’ve got great reputations — but using password managers is one way to create strong passwords that have less chance of being cracked.

The Register notes that this actually squares up with what the majority of its readers thought, with 82 percent correctly picking the 10 percent or less figure. Milka’s response as to why Google didn’t require two-factor authentication is telling.

“The answer is usability,” Milka told The Reg. “It’s about how many people would we drive out if we force them to use additional security.”

Image by The Register
Image by The Register

This response echoes Marissa Mayer’s reasoning for why two-factor security authentication or additional security measures weren’t deployed at Yahoo, and we saw how well that turned out. It became the largest known hack in history, as far as how many accounts were compromised.

It’s genuinely tempting to write something along the lines of “It’s hard to blame Google.” Customers don’t generally care about security until they’re the ones being breached. Making two-factor authentication mandatory could result in some users moving to other platforms. But in the wake of Yahoo’s breach, I can’t make that argument.

First, it’d be hypocritical to slam Yahoo’s failure to protect its users, then champion Google’s refusal to do the same thing. But second, humans are terrible at evaluating risks and often take chances they shouldn’t. They also routinely undervalue data. Extra hard drives are dirt cheap and easily purchased. Backup software solutions are highly advanced and easy to use. And yet, most people don’t make regular backups of their own data. They certainly don’t take adequate steps to protect their own online information.

Google should enable two-factor authentication by default, with an option to disable it should people not want it. It’s the right thing to do for people who don’t otherwise understand why the feature is so important. But given that the company is unlikely to do so, we strongly recommend you take the step yourself.

Continue reading

Google Will Soon Let You Place Calls Via Gmail
Google Will Soon Let You Place Calls Via Gmail

Google’s latest update to its Workspace suite comes in the form of voice and video calls initiated directly from the Gmail app.

Google to Add Package Tracking Features to Gmail
Google to Add Package Tracking Features to Gmail

Google is adding integrated package tracking to Gmail, which looks like a real time-saver for those who are constantly checking in with their shipments.

Google to Introduce End-to-End Gmail Web Encryption
Google to Introduce End-to-End Gmail Web Encryption

Now through Jan. 20th, Workspace Enterprise Plus, Education Plus, and Education Standard customers are able to apply for Google’s client-side encryption.

Google Rolls Out Redesigned Gmail
Google Rolls Out Redesigned Gmail

The new design is rolling out now, and you can give it a shot in a few clicks.