Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Jump to content

US EditionChange

UK EditionAsia EditionEdición en Español
Sign up to our newslettersSubscribe: $6 for 6 months
More
Best
Climate
TV

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in

Gmail two-step verification: Less than 10% of Google users have its most important security feature enabled

It makes it harder for people to break into your account, even if they have your login details

Aatif Sulleyman
Monday 22 January 2018 17:06 GMT
Comments
Technicians work on a Hey Google booth in front of the Las Vegas Convention Center in preparation for the 2018 CES in Las Vegas, Nevada, U.S. January 6, 2018
Technicians work on a Hey Google booth in front of the Las Vegas Convention Center in preparation for the 2018 CES in Las Vegas, Nevada, U.S. January 6, 2018 (REUTERS/Steve Marcus)

One of Gmail’s most effective security features is hardly used by anyone, Google has revealed.

Two-factor authentication (2FA) has been enabled on less than 10 per cent of active Google accounts, the company says.

The feature is designed to make it much harder for people to break into your account, even if they have your email address and password.

11 useful Gmail features you didn't know existed

Show all 11

With 2FA enabled, you’ll be required to enter an authentication code in addition to your login details.

As Google puts it: “You sign in with something you know (your password) and something you have (a code sent to your phone).”

You can turn it on by clicking this link and following Google’s step-by-step instructions.

“Codes are uniquely crafted for your account when you need them,” says Google.

“If you choose to use verification codes, they will be sent to your phone via text, voice call, or our mobile app. Each code can only be used once.”

Asked why 2FA isn’t mandatory on all accounts, Google software engineer Grzegorz Milka said the company fears the feature could turn users off.

“The answer is usability,” he told The Register. “It’s about how many people would we drive out if we force them to use additional security.”

Google lets you choose not to use two-step verification on a particular computer. When you sign into your Gmail account on that computer, it will only ask for your email address and password.

Recommended

On other computers, two-step verification will be required.

The company recently revealed the biggest risks to users of Google services.

In the space of 12 months, it found 788,000 login credentials stolen via keyloggers (tools that secretly record every key you press), 12 million stolen via phishing (a method of tricking you into giving up your personal information), and 3.3 billion exposed by third-party data breaches.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in