Two-Factor Authentication With Google: E-mails Are Better Off Doubly Secured

Google will activate two-factor authentication for millions of accounts by the end of the year. The password alone is then no longer sufficient to log in.

Have you received an email from Google in the past few weeks informing you that your Google account will soon be additionally secured? If not, that could soon change. As first announced in May and most recently in October, Google plans to automatically introduce so-called two-factor authentication (2FA) for numerous accounts by the end of the year.

For many users who use a Gmail address or have an Android smartphone, for example, it could mean their first contact with the secure log-in procedure.

Numerous online services, from Facebook to Twitter to PayPal and many banks, have long been offering confirmation in two steps. But for the most part, 2FA is just an option, not an obligation. This is another reason why Google's plan to simply introduce it automatically is a big step forward.

Here we answer what two-factor authentication means for users in everyday life, whether it will be mandatory at Google in the future, and other questions.

Two-factor authentication - what is it?

Usually accounts with online services are secured exactly once, namely with the combination of username and password. The disadvantage is obvious: anyone who knows the password automatically gains access. And the fact that many people save their log-ins directly and unsecured in the browser doesn't make it any better. Two-factor authentication, on the other hand, does. As the name suggests, it introduces a second factor, i.e. a second level of security, for logins. Instead of just entering the password, users have to verify themselves in another way.

This verification can be done with a code that is sent via SMS. Or with an authentication app on the smartphone. Or with a USB stick that you have to plug into your PC or laptop every time you log in. In order to gain access to an account secured with 2FA, attackers therefore need not only the password, but also access to the smartphone or the USB key. That makes it more difficult for hackers, and therefore safer for users. Security experts and the Federal Office for Information Security therefore recommend the use of 2FA for as many services as possible.

When will Google introduce two-factor authentication?

By the end of the year, numerous Google accounts are expected to receive a request to set up 2FA before it is automatically activated. As stated on the website, this notification should be sent seven days before the change. Initially, however, only around 150 million accounts are to be automatically converted to two-factor authentication. That would not even be ten percent of the roughly 1.8 billion Google accounts that currently exist. The reason is that initially only those accounts are affected that "have the right security mechanisms to enable a seamless transition to 2FA," as the website puts it. This means accounts that are already linked to a mobile phone number and a second back-up email address.

Is two-factor authentication mandatory?

Not yet, because, as it says on the website, the procedure can also be reversed. So Google is switching from the opt-in to the opt-out model, so to speak: until now, the users concerned could activate 2FA at their own request; after the changeover, they have to deactivate it in the settings of their own accord. However, one day the process could actually be mandatory: "Most Google accounts will soon require verification in two steps," suggests Google. At that point, an account could no longer be used without the additional protection.

Do I have to give Google my phone number?

If the procedure becomes mandatory, then probably yes. Anyone who activates two-factor authentication with Google today first has to link their account to a mobile phone number, to which a one-time confirmation code is sent. Only then can the desired 2FA method be set up. For all people who use their Gmail address as anonymously as possible, this is of course a problem, because their account is then linked to a phone number that could be used to identify them.

Google has been trying for a number of years to get more users to add a phone number; it is now even required when creating a new account. Should two-factor authentication actually become mandatory, older Gmail customers would also have to consider whether they want to give Google their number - or whether they would prefer to switch to another mail provider.

How does Google's two-factor authentication work?

Theoretically, Google offers several options for verifying yourself in addition to the password. If you want, you can buy a special USB stick that you have to plug into your PC or laptop every time you log in, or a device that enables you to log in via Bluetooth. The most common variants, however, are confirmation via app or SMS. 

Prompts: For users who use their Google account with an Android smartphone, the switch changes the least. For one thing, they have already linked their account to their phone number anyway. For another, they don't have to install an additional authentication app, as 2FA is integrated directly into Android. As soon as it has been activated, Google will send a request in the form of a notification to the smartphone linked to the account (or to several smartphones linked to the same Google account) every time you log in: "Are you trying to log on to a second computer right now?" The choices are "Yes" or "No, I'm not". With one click, the log-in is either authenticated or rejected. Google, but the Smart Lock app or the Gmail app must also be installed and set up.

SMS: Authentication via SMS does not require any further preparatory steps, provided Google already knows the cell phone number. SMS is the standard method if Google or Gmail are not set up on a smartphone. This could affect all users who, for example, only use Gmail in the browser on their PC. The difference from authentication via the Google Prompts is that with the SMS procedure you have to enter the six-digit code contained in the message when you log in, so you cannot just click on a link. It is therefore a little more laborious. In addition, there must be a cellular connection, whereas the prompts also work if the cell phone is only connected to the WLAN. That matters especially abroad, when you don't have roaming or reception.

Authentication app: If you haven't linked your Google account to a smartphone, if you use several Gmail addresses at the same time or if you don't want to receive SMS, you have to set up an authentication app on a smartphone (you can find detailed instructions here). The best known comes directly from Google itself: it is called Google Authenticator and is available for both Android and iOS. Once the app is installed, you can add new accounts via QR code, not only for Google, by the way, but also for other online services that support this process. So you don't need a separate authentication app for every service. The QR code for the Google account is available in the 2FA settings. Once scanned, the account is saved in the authenticator app. The app then shows a six-digit code that changes every 60 seconds, which you have to enter in addition to the password when logging in, as with the SMS. The advantage of the app: the codes are generated offline, so the smartphone does not have to be connected to the internet or wireless network.

Do I really have to confirm the Google log-in every time?

That would of course be safest, but it doesn't have to be that way. When you log in to a device for the first time after switching to two-factor authentication, you can choose not to be asked for the second factor on this device. This can be helpful, for example, for your home PC that you use every day anyway and that no one else has access to. In the settings, trust can later be revoked for all trusted devices if you lose track of things or if you want to set up 2FA all over again.

What do I have to consider with mail programs?

You can log into many apps on your smartphone directly with your Google account. The above-mentioned procedures apply here. However, many mail programs on the PC, for example Thunderbird, do not support "Log-in with Google" and therefore also do not support two-factor authentication. In order to continue to use these programs anyway, there is the option of creating so-called app passwords. These passwords are entered once in the respective programs when asked for them. They are valid indefinitely, so you only have to enter them once; they stay valid until you delete them from your Google account. In mail programs like Thunderbird, you may have to create a separate app password for each of the inbox and the outbox.

Can I change the 2FA procedure again later?

"You can always use another second step that you have set up." So it says in the Google settings. But apparently this is not true, because there is, at least in our test, no option to make another method the standard. Rather, Google seems to determine the order automatically: the Google prompts, for example, always seem to be standard when the account has been linked to a smartphone. Even those who then set up the authenticator app cannot give it preference over the prompts.

The app only works if you log out of all active devices, which irritates some users. In a sense, the authentication app is the back-up option.

It is similar with SMS: if you first set up two-factor authentication via SMS, but then install the authenticator, this automatically becomes the standard and the SMS becomes a backup. Possibly because the authentication app is considered more secure than SMS messages, which are comparatively easy to intercept.

Still, the fact that you can't easily choose the method you want isn't really user-friendly. However, Google may still adjust this, perhaps at the latest when the two-step confirmation is really mandatory for all users.