Passwords are plagued by problems.


If you were among the 150 million people Google required to use two-factor authentication last year, consider yourself lucky: the chance that your account has been hacked has been cut in half.

In the last three months of 2021, Google automatically enrolled 150 million account holders, along with 2 million YouTube users, in what it calls 2-Step Verification, or 2SV. The security process typically combines a password with a second login challenge, such as a confirmation prompt in a Google app or a hardware security key.

The requirement proved to be justified. Account compromises were half as likely for 2SV accounts as for password-only accounts, Google said in a blog post Tuesday.

“This reduction says a lot about how effective a second form of verification can be to protect your data and personal information,” Google said. “Turn on 2SV (or we’ll do it!), because it matters if your password is compromised.”

Google has an incentive to push its users toward a stronger sign-in system. It has billions of account holders across Gmail, Google Workspace and YouTube. This makes it a tempting target for hackers, who often use social engineering tricks to extract information from people. And email accounts like Gmail are especially important for security: resetting other passwords often goes through email, so a compromised email account can lead to other hacks.

Switching to two-factor authentication is a big step for many people, but probably not the last, as companies try to deal with the increasingly obvious disadvantages of password-only login. We forget passwords, choose weak ones and reuse passwords on many sites. The Have I Been Pwned service, which alerts you to leaks of sensitive information, has compiled a list of more than 613 million passwords detected in data breaches.

Multi-factor authentication means that hackers will not profit from your stolen password. It also helps to enable a future in which we throw away passwords entirely.

Microsoft is promoting password-free authentication that uses biometric technology such as Windows Hello face identification, phone-based authentication applications, and security keys. Google also hopes to gradually phase out passwords.

Apple, which requires two-factor authentication when setting up a new device or logging in to your Apple account on the network, is also pushing in the same direction. It is working on a technology called iCloud passwords that will enable password-free login and is now available for developer testing.

All this groundwork by the world’s largest technology companies is a good indication that if you use only passwords to log in, you need to prepare for some changes. It also shows that we will see safer alternatives to the common but imperfect form of two-factor authentication: text messages sent to your phone.

Google is a big fan of hardware security keys, small devices that connect wirelessly or via USB ports. Using them has eliminated successful phishing attacks against Google employees. However, such keys introduce new challenges because they can be complex. Price is also a factor. Even cheap security keys cost at least $29.

Another big change in security is the adoption of password managers such as LastPass, 1Password, Bitwarden and KeePass. Google directs people to its own password manager, which is built into Chrome and Android and can be used on iOS. Apple has also built a password manager into its iPhone, iPad and Mac software, along with a utility for using it on Windows.