Google today published updates on how it plans to increase user account security, including a goal to auto-enroll an additional 150 million Google users into two-step verification (2SV), and require 2 million YouTube creators to enable 2SV, by the end of this year.
This step is Google's latest move to improve account security and builds on existing measures including the Google Password Manager, built directly into Chrome, Android, and the Google App. iOS device owners can use Chrome to autofill saved passwords in their other apps as well, and Google says they'll soon be able to use Chrome's password generation tool for any iOS app.
The company states the best way to improve user security is to enable protections by default; however, it also acknowledges not everyone will be ready for these changes at the same time.
"We also recognize that today's 2SV options aren't suitable for everyone, so we are working on technologies that provide a convenient, secure authentication experience and reduce the reliance on passwords in the long-term," officials write in a blog post. "Right now we are auto-enrolling Google accounts that have the proper backup mechanisms in place to make a seamless transition to 2SV."
In a separate blog post today, Google shares the details of its Inactive Account Manager, which aims to better protect digital accounts after people stop using them. The Colonial Pipeline attack came through an inactive account that didn't use multifactor authentication, officials note, and this summer's T-Mobile breach affected information from inactive prepaid accounts.
The Inactive Account Manager, available under My Account settings, lets users determine when an account should be considered inactive, whom to notify and what to share when an account is inactive, and whether an inactive Google account should be deleted.