Google engineer says only 10 percent of Google accounts use two-factor authentication

Grzegorz Milka was speaking at the annual Usenix Enigma conference

A Google engineer speaking at the annual Usenix Enigma conference in Santa Clara, California has revealed that only 10 percent of active Google accounts use two-factor authentication.

Speaking to the Enigma crowd, software engineer Grzegorz Milka also mentioned that approximately 12 percent of Americans use a password manager, citing a 2016 Pew study, according to the Register.

Milka said that the reason why Google doesn’t force users to protect themselves using two-factor authentication is a matter of “usability.”

“The answer is usability,” said Milka, while speaking to the Register. “It’s about how many people would we drive out if we force them to use additional security.”

The Register reported that Google currently uses heuristics to attempt to “detect dodgy behaviour” by hackers.

Typical attackers, for example, attempt to minimize the number of alerts users receive regarding account actions.

If Google detects that an individual logs in, immediately disables account notifications, searches for and downloads private emails or photos, and then installs software to mask those actions, the individual in question is most likely a hacker and not the true account holder.

Google accounts have featured two-factor authentication for a number of years, and Google’s Authenticator app — which allows user to store and generate two-factor passcodes — received a visual overhaul in December 2015.

As we have since September 2014, MobileSyrup recommends that its readers turn on two-factor authentication if it’s available. Having to type in a regular password and a two-factor code might seem like an added nuisance, but the security benefits speak for themselves.

Source: The Register