Google is encouraging users to enroll in two-step verification (2SV) in order to ensure that the person who attempts to sign in on your account is really you. A post on The Keyword states that the best way to protect your account from a breached or bad password is by having a second form of verification in place.
The 2SV option isn’t new for Google. I opted-in to it a while ago because I believe that 2SV is a good way to protect my gmail from people who aren’t me. I say this as a Mac users who got a gmail account back when it was new and shiny. Those of you who connected your gmail account to a variety of websites might want to consider 2SV protection. That, or see if you can remove your gmail from those websites.
Google announced that users will soon lose the ability to choose for themselves whether or not they want to enroll in Google’s 2SV.
Today, we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon, we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured… Using their mobile device to sign in gives people safer and more secure authentication experience than passwords alone.
I don’t think Google should require their users to enroll in 2SV if they don’t want to. Having that automatically happen could make some people angry, especially if Google doesn’t give people a way to opt-out.
Google also mentioned their Password Import feature. According to Google, it “allows people to easily upload up to 1,000 passwords at a time from various third party sites into our Password Manager (for free).” Personally, I’m not comfortable handing over all of my passwords to Google. I suspect that other people won’t want to do that, either. To me, it feels like collecting passwords is just one more way for a big company to gather data on people