How well does two-factor authentication really protect user accounts?

In case of doubt, a password is not enough to protect an account. If it is guessed, hacked or stolen, the user is out of luck. But what is the point of additional security?

For 150 million user accounts, Google activated an additional security query when logging in by the end of last year, known as two-factor authentication (2FA). This means that in addition to the password, you have to “identify” yourself with another so-called factor in order to get into the account. This could be a code issued by a 2FA app on the smartphone.

Google evaluates 2FA experience

For those who may be wondering whether the extra effort is really worth it, Google is now presenting a preliminary empirical value from a sample of 2 million YouTube accounts that have been converted to 2FA with the 150 million user accounts. Since then, it says, cases of unauthorized account intrusion have fallen by 50 percent in the sample.

Google therefore wants to continue to gradually activate 2FA for all accounts. Those who do not yet use the additional verification can of course activate 2FA themselves. This works in the Google account under “Security/Sign in with Google/confirmation in two steps”. If you still have doubts about the suitability of Google’s 2FA for everyday use, you do not risk anything by activating it. 2FA can also be turned off again.

Also interesting: The best TAN generators for online banking

Not only Google offers 2FA

Two-factor authentication is not just offered by Google; it is now available from almost all major services and many smaller ones as well. Users should activate 2FA wherever possible, advises the German Federal Office for Information Security. A quick look at the respective account settings reveals whether 2FA is available on a service or not.