Google to auto-enroll 150 million accounts into its 2SV feature
Catalin Cimpanu October 5, 2021

Google to auto-enroll 150 million accounts into its 2SV feature

Google to auto-enroll 150 million accounts into its 2SV feature

Google has announced plans today to auto-enroll 150 million user accounts into its two-step verification (2SV) system by the end of the year.

These are accounts where Google’s 2SV login feature can be enabled but where users have not done so on their own.

“Right now we are auto-enrolling Google accounts that have the proper backup mechanisms in place to make a seamless transition to 2SV,” Google said in a blog post.

This includes users with modern smartphones that run recent versions of the Android system. Once Google enables the 2SV feature, users will be asked to confirm a prompt that appears on their smartphone every time they log into their Google account on a new device, app, or browser.

2SV
Image: Google

Today’s announcement is the first step Google is taking to get its 2SV auto-enrollment plan off the ground, which the company announced back in May when it promised to auto-enable 2SV login support for all of its users by default.

As part of this long-term plan, more users will have 2SV enabled on their accounts next year as part of a carefully executed staggered rollout plan in order to avoid large breakage.

Forcing YouTube creators to enable 2SV as well

In addition, Google is also taking steps to secure YouTube creator accounts, which have often been at the center of many hacks in recent years.

Starting November 1, Google said that all YouTube creator accounts that have monetization features enabled wouldn’t be able to access the YouTube Studio section of the site unless they enable a 2SV solution.

In recent years, an entire cottage industry for hacked YouTube accounts has been flourishing in the hacking underground, on markets where accounts are often sold for prices ranging between $5 and $1,000.

YouTube-sale-accounts
Image: The Record

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.