There are plenty of advantages to using Google’s Gmail service for your email, but it seems almost no one is using one of its best features. Google software engineer Grzegorz Milka revealed during a presentation at the Enigma 2018 security conference that less than 10 percent of active Google accounts use two-step authentication, and added that a 2016 Pew study shows that about 12 percent of Americans make use of a password manager.
That is to say that while Google offers known-good options for ensuring personal account security, 9 out of 10 people choose not to take advantage of those free-to-use methods.
Why doesn’t the big G just flip the switch and turn on 2FA for all accounts?
“The answer is usability,” Milka said, speaking to The Register. “It’s about how many people we would drive out if we force them to use additional security.”
Knowing that, Google is trying to do what it can to protect us regardless of our willingness to protect ourselves.
It turns out that account hijackers tend to follow a pretty standard process. Once they’re in, they typically first shut down notifications, then search for things like personal account information and intimate photos, then drop in a filter to hide their activity. Hopefully this pattern of activity becomes something that Google can use to temporarily shut down accounts.
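The three-step pattern described above can be written as an ordered-sequence detector over account audit events. This is an added example, not Google's detection logic or anything shown in the talk; the event names, the one-hour window and the sample log are constructed assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical event names for the three steps the article lists, in order.
HIJACK_SEQUENCE = ("notifications_disabled", "sensitive_search", "filter_created")
WINDOW = timedelta(hours=1)  # assumption: all three steps happen within an hour

# Constructed sample audit log: (ISO timestamp, account, event type).
SAMPLE_EVENTS = [
    ("2018-01-17T09:00:00", "alice", "login"),
    ("2018-01-17T09:02:00", "alice", "notifications_disabled"),
    ("2018-01-17T09:03:00", "bob", "login"),
    ("2018-01-17T09:05:00", "alice", "sensitive_search"),
    ("2018-01-17T09:06:00", "bob", "filter_created"),      # lone filter: benign
    ("2018-01-17T09:09:00", "alice", "filter_created"),
    ("2018-01-17T10:00:00", "carol", "notifications_disabled"),
    ("2018-01-17T13:00:00", "carol", "sensitive_search"),  # too late: stale
    ("2018-01-17T13:05:00", "carol", "filter_created"),
]


def find_hijack_patterns(events, sequence=HIJACK_SEQUENCE, window=WINDOW):
    """Return {account: (first_step_time, last_step_time)} for accounts whose
    events contain every step of `sequence`, in order, inside `window`."""
    progress = {}  # account -> timestamps of the steps matched so far
    flagged = {}
    for ts_text, account, kind in sorted(events):
        if account in flagged or kind not in sequence:
            continue
        ts = datetime.fromisoformat(ts_text)
        steps = progress.setdefault(account, [])
        # Discard a partial match once it is older than the window.
        if steps and ts - steps[0] > window:
            steps.clear()
        if kind == sequence[0]:
            steps[:] = [ts]  # (re)start from the most recent first step
        elif steps and kind == sequence[len(steps)]:
            steps.append(ts)  # next expected step, in order
        if len(steps) == len(sequence):
            flagged[account] = (steps[0], steps[-1])
    return flagged


if __name__ == "__main__":
    for account, (start, end) in find_hijack_patterns(SAMPLE_EVENTS).items():
        print(f"{account}: full sequence between {start} and {end}")
```

A single filter or a single search is normal use; only the full ordered sequence inside the window is flagged, which keeps the false-positive rate low enough to justify a temporary lock.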
But the best way to save yourself the headache of losing your account to a hacker is to use two-factor authentication with any account that allows it. With Google, it’s as simple as hitting a yes or no button on your phone once it’s set up, though other outfits still stick with authenticator apps or text messages. Regardless, a six-digit number once in a while is better than losing 8 years of email.