Are You Part Of The 90% Of Gmail Users With Poor Account Security?

A long, long time ago, having a good password was all you needed to make sure your Gmail (or other online) account was secure. Now, if you don’t have two-factor authentication, or 2FA, then you’re missing out on a really simple way to protect yourself. Why, then, do less than 10 per cent of Gmail users have 2FA enabled? Great question.

Grzegorz Milka, a software engineer at Google, revealed the surprising statistic at this year’s Usenix Enigma security conference, according to The Register’s Iain Thomson.

Considering how substantial Google’s userbase is, that 90 per cent includes a massive number of people. If you’re one of them, it’s time to get your act together.

And sure, while there are other ways to secure your account, 2FA is built-in. You just have to turn it on.

Enabling two-factor authentication for your Gmail account is straightforward:

  1. Follow the prompts on Google’s 2FA page.
  2. Enter your phone number, and whether you’d like an SMS or phone call.
  3. A verification code will be sent to the provided number. Type it in to continue.
  4. Finally, you’ll be asked if you wish to turn 2FA on (you can also deactivate it at any time).


Who’s using 2FA? Sweet FA [The Register]


  • When I reviewed my 2FA setup recently, SMS and Phone weren’t the default second factor. It defaulted to on-screen prompt on my Android device(s).
    This article could do with a little more explanation of the options available and their differences. Otherwise it’s not doing anything to reduce that 90% figure.

  • So wait, I have to have my phone on me to access my Google account right?
    What happens if my phone is stolen and I have to log into my account to remotely wipe my phone?

    Hmmm nope.

  • I’ve had it on for a while, and it is slightly inconvenient, I agree, when you want to log into a Google service and your phone is in another room. But I just try to remember that if it’s annoying for me to take an extra step to log into my own account, then it’s probably not going to be fun for anyone else to hack into either.

  • I turned on Google Authentication 2FA for a service. It’s very annoying. It would be a little less annoying if password apps like 1Password or Dashlane supported it, but I hardly log in to the service I enabled it on because of the extra steps.

  • I wonder how many Gmail accounts are real and/or primary accounts? I have multiple throwaway Gmail accounts that don’t need to be secure and so I only enable 2FA on the one account I have that matters. Then there are all the spam bots that are using Gmail. Surely they don’t have 2FA enabled?
