Google's two-factor authentication only enabled by less than 10% of users

By on
Using Gmail. Pixabay

Less than 10 percent of active Google accounts rely on two-factor authentication (2FA), according to a Google software engineer. The revelation comes seven years after the technology company introduced the security feature.

Grzegorz Milka revealed at the Usenix's Enigma 2018 that less than 10% of people utilise two-factor authentication as a means to guard their accounts against being accessed by someone else. The feature makes it difficult for hackers to enter an account despite knowing the email address and the password. What it does is require everyone, including the owner, to enter an authentication code sent to a phone number or the Google mobile app. The code can be retrieved via text or voice call.

Milka's statement can be considered alarming, considering that Google recently announced having more than 2 billion monthly active devices.

When asked as to why Google still doesn’t consider making 2FA compulsory, Milka told The Register that there exists the risk of frustration among users. “It’s about how many people would we drive out if we force them to use additional security.”

Enabling 2FA is easy, though. A page dedicated to this feature has always existed, and users only need to follow the instructions to get started. “Even if someone else gets your password, it won't be enough to sign in to your account,” Google says on the page.

Google insists on using the feature, especially for those using the same password on multiple websites. High risks include downloading software online and clicking links on emails.

During the same security conference, Milka also pointed to a 2016 Pew study that says only 12 percent of Americans use a password manager.