Google: almost no one uses two-factor authentication
In the seven years that have passed since the inclusion of Google two-factor authentication, less than 10% of the more than a billion users began to use it.
Grzegorz Milka, Google Software Engineer
On the Google page dedicated to two-factor authentication in the company's services, users are greeted with the words “Millions of users have already protected their account using two-step authentication. Join us! The inscription looks very ironic, if you know that a couple of years ago the number of Gmail mail users exceeded one billion , and not tens and hundreds of millions use this authentication method.
At the Usenix's Enigma 2018 information security conference, Google’s software engineer Grzegor Milka (Grzegorz Milka) said that less than 10% of users chose two-factor authentication at Google services, and only 12% of Americans use a password manager.
In theory, Google could enable two-factor authentication for all users at once, taking care of account security instead. When asked why the company did not do this, Milka answered at the conference, “The question is usability. How many people will stop using our services if we force them to use additional security tools. ”
After entering Google’s account, fraudsters use the same script. First, turn off notifications, then look for the information they need - including bank card data, personal photos, information related to cryptocurrency wallets, copy the list of contacts and "erase" all traces behind them.
As can be seen on the slide below, all the work on obtaining information and cleaning the box from any traces of fraud takes a quarter of an hour.
In 2016, in the UK and the United States , 4,000 people were surveyed on the complexity and number of passwords used, the “hijacking” of accounts and the use of two-factor authentication. It turned out that the generation of baby boomers is the most attentive to safety - people who at that time were from 51 to 69 years old. They are less likely than others to use the same password for all accounts and more often use two-factor authentication.
Grzegorz Milka, Google Software Engineer
On the Google page dedicated to two-factor authentication in the company's services, users are greeted with the words “Millions of users have already protected their account using two-step authentication. Join us! The inscription looks very ironic, if you know that a couple of years ago the number of Gmail mail users exceeded one billion , and not tens and hundreds of millions use this authentication method.
At the Usenix's Enigma 2018 information security conference, Google’s software engineer Grzegor Milka (Grzegorz Milka) said that less than 10% of users chose two-factor authentication at Google services, and only 12% of Americans use a password manager.
In theory, Google could enable two-factor authentication for all users at once, taking care of account security instead. When asked why the company did not do this, Milka answered at the conference, “The question is usability. How many people will stop using our services if we force them to use additional security tools. ”
After entering Google’s account, fraudsters use the same script. First, turn off notifications, then look for the information they need - including bank card data, personal photos, information related to cryptocurrency wallets, copy the list of contacts and "erase" all traces behind them.
As can be seen on the slide below, all the work on obtaining information and cleaning the box from any traces of fraud takes a quarter of an hour.
In 2016, in the UK and the United States , 4,000 people were surveyed on the complexity and number of passwords used, the “hijacking” of accounts and the use of two-factor authentication. It turned out that the generation of baby boomers is the most attentive to safety - people who at that time were from 51 to 69 years old. They are less likely than others to use the same password for all accounts and more often use two-factor authentication.