Are You Part Of The 90% Of Gmail Users With Poor Account Security?

A long, long time ago, having a good password was all you needed to make sure your Gmail (or other online) account was secure. Now, if you don't have two-factor authentication, or 2FA, then you're missing out on a really simple way to protect yourself. Why, then, do less than 10 per cent of Gmail users have 2FA enabled? Great question.

Grzegorz Milka, a software engineer at Google, revealed the surprising statistic at this year's Usenix Enigma security conference, according The Register's Iain Thomson.

Considering how substantial Google's userbase is, that 90 per cent includes a massive number of people. If you're one of them, it's time to get your act together.

And sure, while there's other ways to secure your account, 2FA is built-in. You just have to turn it on.

Image: Supplied

Enabling two-factor authentication for your Gmail account is straightforward:

  1. Follow the prompts on Google's 2FA page.
  2. Enter your phone number, and whether you'd like an SMS or phone call.
  3. A verification code will be sent to the provided number. Type it in to continue.
  4. Finally, you'll be asked if you wish to turn 2FA on (you can also deactivate it at any time).

Easy.

Who's using 2FA? Sweet FA [The Register]


Comments

    When I've reviewed my 2FA setup recently, SMS and Phone weren't the default second-factor. It defaulted to on-screen prompt on my Android device(s).
    This article could do with a little more explanation of the options available and their differences. Otherwise it's not doing anything to reduce that 90% figure.

    Why don't I use 2FA? Because I don't want to have to make sure I have my phone with me just to check my email.

    If 2FA requires phone signal its useless to me. If it can work without phone service then fine, I will use it.

      It can work without phone service. Install the Google Authenticator app on your phone for 2FA over wifi instead.

    If you use the Google authenticator app you don't need a phone signal or active data connection to use 2FA.

    So wait, I have to have my phone on me to access my Google account right?
    What happens if my phone is stolen and I have to log into my account to remotely wipe my phone?

    Hmmm nope.

      There are multiple contingency plans for when you lose access to your phone.

    I've had it on for a while, and it is slightly inconvenient I agree when you want to log into a Google service and your phone is in another room. But I just try to remember that if its annoying for me to take an extra step to log into my own account, then its probably not going to be fun for anyone else to hack into either.

    I turned on Google Authentication 2FA for a service, its very annoying, it would be a little less annoying if password apps like 1password or dashlane supported it, but i hardly login to the service i enabled it onto because of the extra steps.

    I wonder how many Gmail accounts are real and/or primary accounts? I have multiple throwaway Gmail accounts that don't need to be secure and so I only enable 2FA on the one account I have that matters. Then there are all the spam bots that are using Gmail. Surely they don't have 2FA enabled?

    Because I don't live with my phone within pinky finger reach 24 hours per day...

Join the discussion!