Identity, Vulnerability Management

Google: Mandatory two-step verification cut compromises in half

The Google logo is shown on a screen during a keynote address at the Consumer Electronics Show on Jan. 5, 2017, in Las Vegas. (Photo by Ethan Miller/Getty Images)

Google announced in May a plan to automatically enroll millions of users in two-step verification by the end of 2021. On Tuesday, it released early results from the project: auto-enrolled accounts were half as likely to be compromised as unenrolled ones.

According to a new blog post from Guemmy Kim, director of account security and safety, Google has successfully auto-enrolled more than 150 million Google accounts and 2 million YouTube accounts — which is in line with keeping up with proposed goals announced in October.

"We don’t just plug security holes; we work to eliminate entire classes of threats for people who depend on our services," wrote Kim.

Kim believes that the dramatic decline in compromises of two-step verified accounts could be a valuable lesson to how to best manage accounts on any platform.

"This decrease speaks volumes to how effective having a second form of verification can be in protecting your data and personal information," he said.

Using two-step verification goes hand-in-hand with general security hygiene. Multi-factor authentication is offered as baseline security advice for everything from ransomware to nation-state attacks.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.