Making you safer with 2SV

Today’s cyber criminals don’t discriminate when it comes to who they target online. Everyone from politicians and celebrities to everyday citizens run the risk of having their personal information stolen.

That’s why Google has made security the cornerstone of our product strategy. We don’t just plug security holes; we work to eliminate entire classes of threats for people who depend on our services. Today alone, billions of people around the world will use our products to help with things big and small – whether it's paying for coffee with Google Pay or teaching an online class full of students – and it’s our responsibility to keep your personal information safe and secure. We know that your Gmail is often the link to accessing your non-Google accounts, for banking, social media, shopping and more. That’s why the security of Gmail is fundamental to our work to keep you safe online.

By making all of our products secure by default, we keep more users safe than anyone else in the world — blocking malware, phishing attempts, spam messages, and cyber attacks.

Last year, we accelerated our journey to eliminating password threats by starting to auto-enroll users in 2-Step Verification (2SV), giving people an extra layer of protection when cyber criminals try to hack into their accounts, by requiring a second form of verification beyond the password. Since last year’s initiative, we’ve successfully auto-enabled 2SV for over 150 million people, and we've also required it for over 2 million of our YouTube creators. As a result of this effort, we have seen a 50% decrease in accounts being compromised among those users.

This decrease speaks volumes to how effective having a second form of verification can be in protecting your data and personal information. And while we’re proud of these initial results, and happy with the response we have received from our users and the community, we’re excited about other ongoing work we’re doing behind the scenes to make our users even safer.

Making sign-in safer and more convenient

Higher security doesn’t have to mean less convenience. We are actively working on technologies that provide a secure, seamless sign-in experience and eliminate reliance on passwords – as passwords are often involved in data breaches and phishing attempts, are hard to remember, and are a pain to constantly update.

As part of this work, we led the adoption of security keys — another form of verification that requires you to simply plug in and tap your key. We know security keys provide the highest degree of sign-in security possible; that’s why we built the capability right into Android phones and our Google Smart Lock app on Apple devices. Today, almost every mobile device around the world automatically supports this technology, likely including the phone in your pocket.

Keeping You Safe Today

Ultimately, we want all of our users to have the best security protections in place — by default — across their devices and accounts. While we automatically protect users from a range of evolving threats, there are just a couple of small things we recommend that users do to be even safer:

• Take a Security Checkup, our quick step-by-step guide that gives you personalized and actionable recommendations that will instantly strengthen the security of your Google Account. It will also allow you to prepare your account for recovery, which is as simple as adding a phone number and a backup email to your account. Not only does this help us verify it's you if you forget your password, but it also makes it harder for a bad actor to gain access to your account.
• Turn on 2SV (or we will!), as it makes all the difference in the event your password is compromised. Don’t just take our word for it; many in the private and public sectors are also rallying behind 2SV. In the U.S., the Biden Administration has taken a strong position on multi-factor authentication (MFA), signing an Executive Order requiring government agencies to implement MFA for the protection of government data. We are seeing governments around the world take similar approaches.
• Utilize Google Password Manager, which is built directly into Chrome, Android and the Google App. Password Manager helps create strong passwords for all your online accounts without the need to remember them, check if they’ve been involved in a breach and ensure you won’t fall victim to phishing attempts by verifying the authenticity of sign-in pages before logging you in. Even better, it’s convenient. Instead of typing passwords, especially on small mobile keyboards, you can simply press a button after the Password Manager fills in the password for you.

In 2022, we’ll continue our 2SV auto enrollments, make signing in even more seamless, and spread awareness on all of the ways we make every day safer with Google. Visit our Safety Center for more online safety resources.