Google software engineer Grzegorz Milka recently took to the stage at the Usenix Enigma 2018 security conference in California where he said that less than ten percent of Gmail users protect their accounts using the company’s 2-way authentication service. Evidently, this leaves a lot of room for potential malicious attacks on Google accounts and this lack of security affects both end users and the search engine giant itself. Although the company is taking measures against hacking even on unprotected accounts, 2-way authentication isn’t enforced and the final decision to protect their personal data using the service lies in the hands of users.
The firm first introduced the 2-way authenticator for Google accounts roughly seven years ago at a time when the Android smartphone segment was in its early days. At the moment, the tool is offered as an Android application on the Play Store, allowing smartphone users to add an extra layer of security to their Google accounts by using their mobile devices as a token authenticator whenever they attempt to log into their accounts on a new device. The method is not perfect, as last year TrendMicro revealed that Russian hackers were able to circumvent the OAuth standard employed by Google for its 2-way verification process, but then again, no security system is impenetrable and generally speaking, token-based authentication is very secure. But despite the fact that Google’s solution has been available for so many years, not even every tenth Gmail user relies on it, according to Milka. The authentication method isn’t enforced by the software giant as this could be viewed by users as a hindrance, the company previously suggested.
Given these worrying figures, Google has apparently improved its methods of detecting suspicious behavior in order to determine with more ease whenever an account that lacks 2-way authentication has been compromised. The tech giant is also quick to release new monthly security updates for the Android platform, though last year, mobile cybersecurity firm Skycure revealed that roughly 71 percent of smartphones distributed by carriers in the United States are still vulnerable to attacks due to the fact that they run older security patches.