A Google software engineer told attendees of the Usenix Enigma conference in Santa Clara, Calif., this week that under 10% of active Google accounts have enabled two-factor authentication.
Google first rolled out 2FA for Gmail in 2011, but comments by Google's Grzegorz Milka (reported by The Register) reflect the common security dilemma of convenience trumping stronger security.
Milka reportedly told The Register that usability is the reason Google has not made 2FA a mandatory feature for Gmail accounts. "It's about how many people would we drive out if we force them to use additional security," he said.
See the full report here.