Although two-step verification helps to improve account security, it does not seem to be popular among Google users. A Google security engineer said on Tuesday that less than 10% of all active Google accounts used this extra protection.
“In fact, such a clear security mechanism has not been widely adopted,” said Google engineer Grzegorz Milka at the USENIX Enigma 2018 conference.
Although this percentage is indeed very low, it is not entirely unexpected. Although two-step verification can prevent hacking accounts, but also sacrifice some convenience. The general mode of this mechanism is as follows: When you want to access the account, not only to enter the password but also enter the phone received the verification code. However, charging and entering the verification code will increase the login time, so many users will close this.
“People think this is an unnecessary step,” Mika said. There are also users worried about sharing their mobile number with online services.
But sometimes, simply using a password to protect your account is not enough. Hackers use other software leaked data, or use phishing tools to obtain user passwords. Google research found that 67 million valid Google account login information can be found from third-party data.
“The password theft ecosystem is very prosperous,” Mika said. “There are tens of thousands of account changes every day.”
Fortunately, Google also added additional security measures to the account. For example, if the company’s internal system detects any abnormal logins, it verifies that the action is from the user.