Google recently announced that they're planning to auto-enroll some 150 million user accounts into two factor authentication (2FA). The company prefers the term two-step verification (2SV).
The company had this to say about the planned move:
"...because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users' accounts into a more secure state. By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require 2 million YouTube creators to turn it on."
If you're not familiar with it, here's how 2SV works in the Google ecosystem:
You start by logging in with your password. Once the system accepts that you'll be prompted to confirm your identity via some other means. Here Google has done a great job and offers a number of options including text message to your phone, phone call with a temporary PIN, email with a temporary PIN, or screen tap with an associated smartphone. You can even use an associated iOS device.
This is just the latest move in a long term strategy Google is employing to make the web a safer place to work and play for the company's legions of users. Although it will surely lead to a bit of grumbling virtually all privacy experts who have weighed in on the matter regard it as a good move and a powerful step in the right direction.
We can reasonably expect Apple, Microsoft, and other major tech companies to adopt similar policies. That means that nearly everyone else will follow suit.
Despite the fact that it's a minor inconvenience it really is a good move that will make it significantly more difficult to hack into user accounts. It won't solve the problem but it will put a serious dent in it and that's a great start.