You may not realize it, but passwords are the single biggest threat to your online security – they’re easy to steal, they’re hard to remember, and managing them is tedious. Many people believe that a password should be as long and complicated as possible – but in many cases, this can actually increase the security risk. Complicated passwords tempt users into using them for more than one account; in fact, 66% of Americans admit to using the same password across multiple sites, which makes all those accounts vulnerable if any one falls.
In 2020, searches for “how strong is my password” increased by 300%. Unfortunately, even the strongest passwords can be compromised and used by an attacker – that’s why we invested in security controls that prevent you from using weak or compromised passwords.
At Google, keeping you safe online is our top priority, so we continuously invest in new tools and features to keep your personal information safe, including your passwords.
On World Password Day, we’re sharing how we are already making password management easier and safer, and we’re providing a sneak peek at how our continued innovation is creating a future where one day you won’t need a password at all.
Keeping Your Google Sign In Safer
One of the best ways to protect your account from a breached or bad password is by having a second form of verification in place – another way for your account to confirm it is really you logging in. Google has been doing this for years, ensuring that your Google Account is protected by multiple layers of verification.
Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured. (You can check the status of your account in our Security Checkup). Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone.
We are also building advanced security technologies into devices to make this multi-factor authentication seamless and even more secure than a password. For example, we’ve built our security keys directly into Android devices, and launched our Google Smart Lock app for iOS, so now people can use their phones as their secondary form of authentication.