Google: Less than 10 percent of Gmail users have two-factor authentication
Google announced at the Usenix Enigma conference in the US that less than ten percent of its users use two-factor authentication. Gmail has supported the option since its introduction in 2011.
During the presentation, Google said only that the share is below ten percent and did not give an exact figure. The Register asked the internet giant why two-factor authentication is not mandatory. The answer was that this comes down to usability and the number of people who would stop using the service if additional security measures were required.
In addition, Google shared some details of how it detects unauthorized access to a Gmail account. An attacker often performs typical actions, such as turning off notifications for the owner and searching the account for valuable information. Copying the contacts and installing a filter are also among them. By adapting its detection techniques, Google wants to detect this type of behavior earlier, according to The Register.
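The correlation idea described above, as an added example that is neither Google's detection logic nor code from the article: each listed action is ordinary on its own, so the code flags a session only when several distinct ones follow a login within a short window. The log format, the event names, the 30-minute window and the threshold of three are all assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical event names for the four behaviours the article lists.
SIGNALS = {"notifications_disabled", "mailbox_search",
           "contacts_export", "filter_created"}
WINDOW = timedelta(minutes=30)  # assumed correlation window after a login
THRESHOLD = 3                   # assumed number of distinct signals to flag

def parse(line):
    """Parse 'ISO-timestamp account session event' into a tuple."""
    ts, account, session, event = line.split()
    return datetime.fromisoformat(ts), account, session, event

def flag_sessions(lines):
    """Return {(account, session): sorted signals} for sessions showing at
    least THRESHOLD distinct signals within WINDOW of their login."""
    logins, seen = {}, {}
    # Sort by timestamp so out-of-order log lines are still correlated.
    for ts, account, session, event in sorted(map(parse, lines)):
        key = (account, session)
        if event == "login":
            logins.setdefault(key, ts)  # keep the first login of the session
        elif event in SIGNALS and key in logins and ts - logins[key] <= WINDOW:
            seen.setdefault(key, set()).add(event)  # repeats count once
    return {k: sorted(v) for k, v in seen.items() if len(v) >= THRESHOLD}

# Constructed sample log, not real data.
SAMPLE_LOG = [
    "2018-01-17T09:00:00 alice s1 login",
    "2018-01-17T09:05:00 alice s1 mailbox_search",
    "2018-01-17T11:00:00 alice s1 filter_created",  # outside the window
    "2018-01-17T10:00:00 bob s7 login",
    "2018-01-17T10:01:00 bob s7 notifications_disabled",
    "2018-01-17T10:02:00 bob s7 mailbox_search",
    "2018-01-17T10:02:30 bob s7 mailbox_search",
    "2018-01-17T10:04:00 bob s7 contacts_export",
    "2018-01-17T10:06:00 bob s7 filter_created",
]

if __name__ == "__main__":
    for (account, session), signals in flag_sessions(SAMPLE_LOG).items():
        print(f"review {account}/{session}: {', '.join(signals)}")
```
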
Google introduced two-step authentication in 2011, making it possible to confirm a login attempt via SMS. An attacker who has the password of an account with 2FA can only get in if they also have the SMS code. Over the years, Google has made some changes, such as adding login with a USB stick, introducing a prompt to curb SMS usage, and establishing an “advanced protection” program for sensitive accounts.