Google: almost no one uses two-factor authentication

In the seven years that have passed since the inclusion of Google two-factor authentication, less than 10% of the more than a billion users began to use it.


Grzegorz Milka, Google Software Engineer

On the Google page dedicated to two-factor authentication in the company's services, users are greeted with the words “Millions of users have already protected their account with the help of two-step authentication. Join us! The inscription looks very ironic, if you know that a couple of years ago the number of Gmail mail users exceeded one billion , and not tens and hundreds of millions use this method of authentication.

At the Usenix's Enigma 2018 information security conference, Google’s software engineer Grzezhoz Milka (Grzegorz Milka) said that less than 10% of users chose two-factor authentication at Google services, and only 12% of Americans use a password manager.

In theory, Google could enable two-factor authentication for all users at once, instead of taking care of account security. When asked why the company did not do this, Milka answered at the conference “The question is usability. How many people will stop using our services if we force them to use additional security tools. ”


After entering Google’s account, scammers use the same script. First, turn off notifications, then look for the information they need - including bank card data, personal photos, information related to cryptocurrency wallets, copy the list of contacts and "erase" all traces behind them.

As can be seen on the slide below, all the work on obtaining information and clearing the box from any traces of fraud takes a quarter of an hour.


In 2016, in the UK and the USA , a survey of 4,000 people was conducted on the complexity and number of passwords used, the “hijacking” of accounts and the use of two-factor authentication. It turned out that the generation of baby boomers is the most attentive to safety - people who at that time were from 51 to 69 years old. They use the same password for all accounts less often than others and more often use two-factor authentication.


All Articles