With character-based passwords being the weakest link of the security chain, it's time we got more serious about protecting our online accounts (if you want to get serious about a new phone, we can help you). Two-factor authentication (2FA) is the stopgap between character-based passwords and a passwordless future. Many companies have adopted 2FA, which is necessary to keep up with the increased security demands of the modern era. Google is no exception here, as it recently began forcibly enabling 2FA by default for more accounts without users needing to do anything.

For context, as of 2021, there were around 1.8 billion active Gmail account holders. Google eventually wants to enable 2FA for all its users, but they'll slowly roll out the new security change over time. Not everyone will enjoy being pushed into 2FA without having a choice. Still, it has to happen eventually for security reasons to keep everyone safer online. Until 2FA is enabled for all Google users, follow this guide to secure your account and get ahead of the game.

How to access two-factor authentication on your Google account

When it comes to accessing your Google account settings, there are various ways of doing so on Android. However, using the Google app is one of the most universal and reliable methods, no matter which device you have. To get started using the two-factor authentication feature on your Google account, do the following:

  1. Open the Google app to the main screen, then tap your profile image in the upper-right corner.
  2. Select Google Account under your name and email.
  3. On your Google Account page, swipe the ribbon menu under your email and tap Security.
  4. Scroll to the Signing in to Google section, then select 2-Step Verification.
  5. Read through the short description of the feature, then tap Get Started.
  6. Choose the Google account you want to use, and tap Next to log in.

There are multiple ways to access your Google account settings on Android. If you have a current Pixel or Samsung device, go to Settings > Google to find the main account page and go from there.

How to enable and use 2FA on your Google account

The next page shows you the phones that are signed in with your Google account. These devices act as a secondary authentication layer when you log in from a new device. In other words, you'll immediately get a notification on all the signed-in devices with an option to approve or deny the login. Since you'll need physical access to these devices, this increases the level of security on your account.

We used the login prompts from our signed-in devices to secure the Google account for this guide. However, there are other 2FA options you can use, like a hardware key or code generator. You can continue setting up 2FA on your account by doing the following:

  1. Tap Show more options at the bottom to reveal two other choices.
  2. Use a security key or get login codes via text messages or voice calls. You don't have to add either of these extra options now. You can find them in your settings later.
  3. Once you make your selection, tap Continue to move to the next screen.
  4. Add a phone number as a recovery method if you can't access your other logged-in devices. Alternatively, tap Use another backup option to select a different choice, such as one-time backup codes.
  5. Paste or type the code exactly as it appears, then tap the Next button to confirm your recovery choice.

Now you can review your current two-factor authentication settings and make sure everything checks out. Tap Turn On to enable the feature after that, and you'll be set. You'll likely get multiple Gmail and Google app popups (if you have notifications turned on) about the new changes you made. You can dismiss them as needed. At this point, you'll be sitting at the main 2-Step Verification page for your Google account.

You can look around this page to see all the settings available for two-factor authentication. If you scroll down, you'll find the extra security options to add at any time, as mentioned earlier. You could set up an authenticator app if you don't want to bother with backup codes or security keys. You can use the Google Authenticator app or a third-party one, but using an authenticator, in general, will enhance your account security.

Once things are set up, you'll see a screen like in the example images below if any attempted sign-in occurs on your account. You can accept or deny whatever request is trying to access your account with the tap of a button. You can see what device it's coming from, the location, and the time of the login attempt — all good information to know for helping to secure your account.

Why all the fuss over 2FA

Two-factor authentication has been around for over 50 years. Still, it didn't begin to enter the mainstream consciousness until about 2010, when Google revealed that it had been the target of a Chinese cyberattack that aimed to access the Gmail accounts of Chinese human-rights activists. Less than a year later, it released the Google Authenticator app, one of the first apps of its kind. Then, in 2014, several celebrities had their iCloud accounts compromised, exposing their contents to the public. It was revealed that iCloud wasn't hacked. It seems celebrities are as bad at picking passwords as the rest of us, and Apple quickly enabled 2FA for its services.

Since then, 2FA has become a "must-have" in the online world, and for a good reason. Over two billion passwords were leaked in 2021, and most of those are still in use. Passwords are hard to do right, and they're not enough to hold the hacker hordes at the gates.

Your personal information and data make your Google account a valuable asset, so you must protect it from bad actors with the utmost urgency. Now that you've enabled two-factor authentication on your Google account, you can worry less and enjoy your time using your smartphone more.

UPDATE: 2022/05/09 09:00 EST BY STEPHEN PERKINS

Google talks about the passwordless future for World Password Day.

  • Google announced its plans to build upon the current 2FA security they have in place.
  • We can likely see a passwordless sign-in option for Android and Chrome within a year.
  • This will help bridge the gap between traditional 2FA and a truly passwordless future.
  • Hardware-based 2FA keys can still be used should you wish to do that instead.