PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

Google Prepares to Auto-Enroll 150M Accounts in Two-Factor Authentication

The upgraded security setup is designed to prevent hackers from breaking into a user account in the event a password is successfully guessed or stolen.

Michael Kan
 & Michael Kan Principal Reporter

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

If you don’t have two-factor authentication activated on your Google account, don’t be surprised if the company does it for you. 

On Tuesday, Google announced it plans on auto-enrolling 150 million users into the company’s “two-step verification” system by the end of this year. This means anyone logging on to the affected Google accounts will need both the registered password and access to the account holder’s mobile phone. 

Google originally introduced its effort to auto-enroll users into the two-factor authentication system back in May. But at the time, the company simply said the plan would be implemented “soon” without elaborating. 

It’s unclear if Google has already been auto-enrolling users since then. But on Tuesday, the company specifically mentioned the 150 million figure. 

“By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require 2 million YouTube creators to turn it on,” Google Chrome Product Nanager AbdelKarim Mardini and Account Security Director Guemmy Kim write in a blog post.

 Google 2SV

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts

The search giant is auto-enrolling a wide number of users to help stop account hijackings. Hackers can often break into online accounts by using software programs to successfully guess the passwords or by uncovering re-used login credentials from past data breaches. 

However, a two-factor authentication can stymie an intrusion attempt by requiring anyone logging in to provide a second mode of user verification, which usually involves generating a one-time passcode on the account holder’s smartphone. The passcode then has to be entered into the login window.  

In Google’s case, the company will issue a prompt to the account holder’s smartphone after the correct password is successfully entered. Taping the word "yes" on the prompt will then complete the login process. 

“2SV has been core to Google’s own security practices and today we make it seamless for our users with a Google prompt, which requires a simple tap on your mobile device to prove it’s really you trying to sign in,” Google says in Tuesday’s announcement. 

However, the company is only going to auto-enroll users to the 2SV system if they have recovery information saved to their accounts, such as a secondary phone number or email. “We also recognize that today’s 2SV options aren’t suitable for everyone, so we are working on technologies that provide a convenient, secure authentication experience and reduce the reliance on passwords in the long-term,” the company adds.

If you’re not a fan of Google’s two-factor authentication system, you can also opt out by going into your account settings. The company's 2SV prompt should only appear for devices you're signing into for the first time. For devices you regularly use and trust, it should rarely appear. 

About Our Expert

Michael Kan

Michael Kan

Principal Reporter

My Experience

I've been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I'm currently based in San Francisco, but previously spent over five years in China, covering the country's technology sector.

Since 2020, I've covered the launch and explosive growth of SpaceX's Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I've combed through FCC filings for the latest news and driven to remote corners of California to test Starlink's cellular service.

I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. In 2024 and 2025, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.

I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I'm now following how the AI-driven memory shortage is impacting the entire consumer electronics market. I'm always eager to learn more, so please jump in the comments with feedback and send me tips.

The Best Tech I've Had:

  • My first video game console: a Nintendo Famicom
  • I loved my Sega Saturn despite PlayStation's popularity.
  • The iPod Video I received as a gift in college
  • Xbox 360 FTW
  • The Galaxy Nexus was the first smartphone I was proud to own.
  • The PC desktop I built in 2013, which still works to this day.

Read the latest from Michael Kan

Read full bio