

Google has finally admitted something alarming about the world’s one billion regular Gmail users – barely any have turned on two-step verification (2SV) security.

Seven years after 2SV first appeared, take-up is still under 10%, engineer Grzegorz Milka is reported to have told a session at the Enigma 2018 Usenix security conference.

Milka went on to mention a Google-sponsored study from November that analysed how criminals target Gmail, and why these accounts have become so highly prized, a way of saying the company isn’t happy with this status quo.

One could debate whether ‘under 10 percent’ is really that bad – that’s at least tens of millions of accounts after all – but what’s clear is that since 2011 Gmail has added a lot of new users without adding a lot of new 2SV users.

The importance of using 2SV (a form of multi-factor authentication or MFA) with Gmail and other sites has been a running theme on Naked Security for some time. It’s not difficult to set up, it costs nothing and, best of all, it is guaranteed to raise the bar for attackers.

Why, then, aren’t more Gmail users interested?

Milka offered a clue when he was asked why, if it’s such a great idea, Google doesn’t simply make using it mandatory: “It’s about how many people would we drive out if we force them to use additional security.”

It seems people have enough trouble coping with passwords that enforcing another security layer through 2SV would break usability.

Google’s caution is understandable but overly pessimistic.
