Skip to main content

Less than 10% of Google accounts use two-factor authentication

Google Authenticator
Google Authenticator (Image credit: Android Central)

As our world becomes more and more digital with every passing day, online security should be at the forefront of everyone's minds. Two-factor authentication systems are some of the most secure that you can enable on your online accounts to ensure that only you have access to them, but according to Google, less than 10% of people do this.

Software Engineer Grzegorz Milka revealed this data at a security conference Google recently held in California, and seeing as how two-factor authentication was first introduced for Google accounts almost seven years ago, that number is pretty abysmal.

When you enable two-factor authentication on your Google or another online account, it requires you to use another device in addition to your password to log in. For example, if you're using two-factor authentication with your Google account, you'll get a unique code sent to your phone after typing in your password that you'll then need to enter before you can access any of your information. It takes just a couple more seconds of your time, but it adds a much greater layer of security to your online presence.

In addition to this, it was also revealed that only around 12% of Google users are making use of a password manager (such as LastPass or 1Password).

Milka says that Google doesn't require two-factor authentication to be turned on as it would be a usability hinderance, but let this serve as a reminder to start using this if you aren't already. For even more information on the subject, be sure to check out Jerry's complete guide.

OnePlus confirms up to 40,000 users affected by credit card breach

Joe Maring was a Senior Editor for Android Central between 2017 and 2021. You can reach him on Twitter at @JoeMaring1.

50 Comments
  • I've been using 2-factor with my Google for some time. I also have it enabled for all the other accounts that support it. However, I cannot get my wife to use it. She gets really frustrated whenever there are even slight inconveniences imposed in the name of security. She recently got a LG G6 with the nifty back fingerprint reader. She's not using it. The reason? She can't unlock her phone while it's sitting on her desk. She'd have to pick it up. I have a feeling there are a lot of people like my wife out there who intellectually understand the existential threat that hacking represents, but can't quite bring themselves to implement effective solutions that impose any sort of friction on their device usage.
  • I don't mean to be rude but it seems your wife (and people like her) are irresponsible and inconsiderate. Ask her: Does she also leave the house for unlocked when she leaves? How about the fact she stores so much private information belonging to others on her phone that can be easily stolen without a lock screen. You should give her perspective to text everyone on her contact list to never send her any personal information because she can't be bothered to protect it. In 2017, not using a lockscreen really boils down to lack of awareness or foolishness.
  • Your being overly harsh! I would assume that the bog standard user really has nothing of interest on their phones that would be of interest to third party's. Most stolen phones get wiped and sold on.
    Unless your exchanging photos of... for example.. ahem Genetalia with one of your contacts! Then I think a simple Facebook search of a contact would be more intrusive from a privacy standpoint
  • It's harsh but fair. Dick pics are the least of your worries even if you have them, but even in that case, do you REALLY want them sent to everyone in your contacts list/Facebook/Twitter? Is that a conversion you would like to have with your boss/parents/children/random acquaintances? But that's moot. The real issue is that normals will almost certainly have banking/PayPal/Amazon/eBay/gods know what else logged in on their phone.
  • I have to agree with makapav. harsh or not, when your wifes phone gets stolen and some dude takes a pic of his junk and tags EVERYONE, that's just not cool. I would pick your wifes phone up, post on her facebook like its her posting with a PSA: warning I will not use ANY security on my phone, so if I have you as a contact or as a facebook friend, please note that all YOUR info will be in someone elses hands and I can not be responsible after that. Please unfriend me if that bothers you and please text me and I will remove you from Contacts on my phone as well.
    All of her "friends" will want removed from her phone.
  • The Internet doesn't disappoint. I offered up my wife's example as a analog for a typical user's attitude toward security and instead of using it to try to understand the depth of the problem we face, they decide to bash her personally. Lovely people.
  • There are plenty of phones that have fingerprint sensors at the front, making it easy to unlock phones laying down at the desk. I have to agree with makapav. Your wife seems to be blaming minor things to avoid little inconvenience that she rates as "big deal".
  • It's her use case and her big deal, not yours...
    I personally can't stand the fps on the back as it's inconvenient on a desk and in my car charger in my use case. Thankfully I rarely need it due to smart lock.
  • I have a Pixel 2 XL and I lean my phone against my desktop pen holder. It allows enough room to touch the fingerprint sensor in the back to unlock. Works like a charm and so worth it to have the security. I, too, have used 2FA for a long time. It's nice have the extra layer of security.
  • I assume she's using a more conventional PIN or password to unlock her phone, or are you saying her phone is completely unlocked? If she prefers it completely unlocked for the convenience at her desk, maybe using the smart lock feature using her work location would be better. At least it would be locked outside of work.
  • Explain to me why anyone would ever use a password manager... Why would I entrust everyone of my passwords to a single company. That's why I have a different password for every account to keep them safe....
  • Exactly. A hell no to third party password managers... 2 factor authentication is cool though lol.
  • Because it's pretty hard (read impossible) to remember a different 32 digit password made up of random alphanumeric characters (and symbols, when allowed) for every account you have. And because password managers are completely safe to use... Unless you forget your password lol.
  • Don't use one that connects to the "cloud" and instead just keep a local backup of the database.
  • And where have you written those down? Hopefully you have a copy in a fireproof safe. You don't have to trust a company and it doesn't have to be on the cloud, whatever you are doing its much more likely to lower your security than raise it.
  • Keypass does not have a company behind. However, i use onedrive for sync.
  • I'm in the same boat. If the encryption can be bypassed on phones (or online) by law enforcement, logic would say, so could hackers. So what would be the point other than an extra step for the hackers? Until I can no longer remember my passwords, then and only then will I consider password managers. I'll stick to 2FA for now.
  • Yes, I use google two factor authentication... But not the stand alone app. I also use free Norton App lock. No ads, clean look, and you can use it with any password you want. I choose the fingerprint scanner.... I might be wrong, but I think Norton App lock is one of the only app lock programs for which fingerprint unlock is compatible. If I'm traveling, I'll lock more apps. Norton's best feature is the customization. Eg. You could request a fingerprint scanner every time you open the app... Or if you want, once you unlock it, it stays unlocked until the phone times out & locks, or is turned off.... And customize on an app by app basis. I would never, ever use a third party password manager. And finally... Although a bit annoying to keep it in my secure folder.... That's where I have my password list.... Lol, the list in the secure folder, also behind an app lock.
  • I stopped reading after Norton.
  • Lol, totally fair.
  • Same. LOL.
  • Re: 3 comments. There there.... It's ok millennials... An older generation understands your attention span was damaged by exposure to screens too early, in your most formative years. Listen more, interrupt less. With practice, your ability to verbalize more than 128 characters (about 2 sentences) will see improvement. Best of luck with developing your social skills.
  • The funniest part of that comment is that I am far from a Millenial. Old enough to remember when Norton was actually a good word.
  • I know right, that's what made me laugh.
  • Northern:
    Wow I'm not a fan of millennials either but your statement is both ridiculous and ignorant. If you have a few accounts maybe you can remember a 22 character random key for each but I've been on the internet since about 94' and have over 150 accounts because everything needs a separate login. I suffered a traumatic injury in 98' that caused short term memory loss issues so a safe password manager is a life saver. There are plenty that are more trustworthy than a Norton product but to each there own. I'm not sure when 'millennial' became the go to insult when someone disagrees with you in the internet but it's gotten pretty old real quick especially when if the people you attempt to insult are not in fact millennials but different strokes for different folks I guess.
  • It's nothing new, every generation does it. I believe it's because they resent having to cede control to people they consider children. Many millennials will no doubt do the same...
  • Haha, you're going to try to claim the superiority of age and experience while acting like an 8 year old? Has it ever occurred to you that the only real reason some Gen Xers have such a downer on millennials is because that's how the boomers treated them, and they're just not self aware enough to stop blaming "those damn kids" for their problems? I'm sure many millennials will repeat the cycle with the next generation... Grow up. It's also amusing to note that the screens millennials sat in front of in the 80s and 90s were safe, unlike some that you may have sat in front of in the 60s which emitted enough gamma radiation to worry Bruce Banner lol. And no one needs 120 (or even 240, look it up) characters to say "Norton is crap", you'd know that if you spent less time being condescending and more reading about ICT security. Someone of your generation should know you often get what you pay for. If something is free, it's often not worth the asking price. How many characters was that?
  • Norton has a bad rep, and most of the positive reviews seem purchased to say the least. I don't trust any app locking software unless it's built into the device itself and that's rare to find, as you can likely gain access to app data without accessing said app. So if you obtain access to your note/documents app you then have access to your full list of passwords. You should never maintain a list of your passwords on the same device that accesses.
  • Used it for some time and Google's implementation is dead simple. If it was any harder though I probably wouldn't bother. Or worse if it prompted verification for everything like my Apple id does, I would toss my phone in the trash.
  • Yay! I'm in the minority! Suck my enchanted security, normals!
  • I will never use a Password Manager, I'm more than capable of using complicated passwords for each website that requires it, I always make sure that each password is twenty characters long; numbers, uppercase & lowercase as well as symbols. I then paste that password into a Word document and then encrypt the file and send it to my cloud backup which uses two factor authentication and I use Google Authenticator to access when I need to amend the document.
  • So basically there's no reason for you to not use a password manager... You just like making your life slightly more awkward. Go for it.
  • No, I just don't see the need to trust another company with my passwords.
  • Well I do have everything written down.... Also backed up to a password protected file... And do forth. No worries about losing all of my passwords.
    What about just letting your browser remember all of your passwords?
  • So basically there's no reason for you to not use a password manager... You just like making your life slightly more awkward. Your passwords are actually less secure than someone like me who uses a password manager... Your passwords are written down which mean that data exists in a completely readable unencrypted state, mine do not. Your passwords also exist on the internet which means they could theoretically be obtained and cracked. Mine do not. But, whatever makes you happy.
  • Your brutal honesty on this thread is hilarious lol.
  • I know right, can't stop laughing.
  • Yeah, I'm equal parts a security advocate and a dick lol. I'm just keeping it real and telling it like it is...
  • Wow that percentage is just sad. Two factor authentication is the bare minimum every user should do. Every time a service activates it, I sign up. it's painless and leaves me worry free for that service. Password manager, my noggin. If it's a site I don't care about or have sensitive information the browser can store it.
  • Love 2FA - turn it on for any service where it's available! However rather than using Google Authenticator, I'd recommend Authenticator Plus - I find it great being able to sync everything between devices and I find the UI much better too.
  • I use it wherever I can. The main issue I've noted is that it often seems too easy to turn it off. I get it that, if you have an authenticator app enabled and then you change phones or have to do a factory reset, you need an alternate way to get in, or your account will be permanently inaccessible, but it seems a bit too easy to turn it off.
  • people not using 2FA are just lazy. it should be enabled if available. on every single log in
  • I have log in prompt turned on and get pop up on my phone to tap yes when I try log in. Aside from security, this is really really a feel good feature
  • Authy >>>> Google Authenticator
  • I have a google account only for the Youtube "Watch later" Playlist. Not using it for anything else (Apps i get via APKPure). So why should I use 2FA for that?
    I use 2FA for my high Microsoft Account, Steam and Online Banking.
  • I've been using 2FA for many years and use it on a variety of apps. While I agree that quite a few people are being more lazy than not by ignoring the option for 2FA, I also recognize that there are a large number of people, ie seniors in my mother's age group that would have problems using it. Fortunately, she also doesn't log into multiple devices; and since I've given her a Chromebook, I can always remotely log on to help her. I think some of us in this thread need to remember that not all of the population of phone users in the world have the same understanding or access to info to even know what the heck 2FA is...no matter how simple you might think it is, doesn't mean it's as obvious or simple for everyone. And so we shouldn't paint everyone with a broadbrush. On the subject of password managers, folks should realize that not every password manager requires (or even has the capability) syncing with a remote company's server. As someone else mentioned, I too just make a backup and periodically store it on a thumb drive and also have a copy running on a laptop or tablet at home. Like others have mentioned, I too have so many passwords (each 1 absolutely being different than another), so there is no way that I could remember them all. The challenge with something like a word doc is that there really isn't any other security built into Word that's going to help you if someone has your computer or if they breach your MS cloud account/email password. At least with the password managers you have some other forms of encryption to slow them down, not to mention auto self-destruct after a certain amount of attempts.
  • Nope, I do not use 2FA, too much hassle to be honest.
  • The average consumer doesn't even know what 2 factor authentication is. Google need to do a better job of promoting services. Like 2 factor, google photos, google drive, device manager. I work at best buy and we have a Google rep. But she's there twice a month as she has a lot of other stores.
  • To be honest, I used it but got sick of it. It was particularly annoying and time wasting particularly when changing devices which I do very regularly. I do have a long and complex password however that I just change once every three months. I've never been hacked and given the complexity of my password I doubt I will be.
  • Those who commented here particularly makapav speaking about the gentleman's wife are self righteous asses who should not be judging other people. And yes, it is rude!!