As the saying goes, you can lead a horse to water but you can’t make it drink. And that seems to be the case when it comes to increasing adoption of security features, too. Google software engineer Grzegorz Milka recently shared an alarming statistic: Less than 10% of active users turn on multi-factor authentication (MFA) for their Google accounts.
Google users are forgoing multi-factor authentication
Seven years after Google introduced MFA, it seems adoption is still woefully low. Given that Gmail accounts are highly-prized targets for criminals, more people should be taking advantage of the added protection.
We’ve long talked of the benefits of adding additional authentication steps for better security. By adding another login step, you’re making it that much more difficult for someone to break into an account. And really, it’s easy to set up, it’s free, and it keeps opportunistic hackers at bay.
What’s not to like?
Security at the cost of convenience?
Well, the trouble is, added security often comes with a perceived level of inconvenience that many people don’t want to deal with. As Milka said in his talk, “It’s about how many people we would drive out if we force them to use additional security.” Like all services, Google has to weigh security and usability.
In our own study released last year, we found that 26.5% of businesses were standardizing on multi-factor authentication. It’s encouraging to see that businesses are implementing these best practices and being proactive in securing employee accounts.
But consumers are often left to make the decision for themselves, and it’s clear most of us aren’t being proactive enough. You can easily be more secure than most Google users out there just by turning on MFA.
Stop being lazy, start being more secure
In my own experience, any usability impacts from MFA are minimal. Many of today’s top MFA options are easy to set up and use. Plus, some can even authenticate you with a tap on a push notification to your phone, without even needing to type in a code.
And if you’re using a password manager to autofill your username and password, you’re already saving time and streamlining the login process. Adding the additional MFA login step becomes much less disruptive when passwords are automated for you, too.
In my opinion, the hardest part is 1) educating people about multi-factor authentication so they’re aware of what it is and 2) taking the few minutes to set it up. Many companies, including Google and Facebook, are now being more pro-active about asking users to do “security check-ups”. MFA is often presented as an option during those check-ups, so we hope to see adoption rise as a result.
If you’re not yet using MFA for Google, LastPass, and your other important accounts, take this as a friendly, urgent reminder to turn it on today! Doing the basics well will put you ahead of the pack, and you’ll feel more confident in your online security, too.