Facebook and Google are both forcing some users to switch to two-factor authentication in 2022.
The technology requires people to log in using a password and a secure code sent to their phone or email address. Critics say the decision poses too much of a burden for the average user. Cybersecurity experts insist it’s the least we can do.
“Passwords are breakable. Passwords can be stolen. Passwords can be guessed,” said Dr. Vahid Behzadan, a professor of computer science at the University of New Haven. “By adding two-factor authentication, we are making a successful compromise a little more difficult for the attacker.”
Dr. Behzadan said one of the biggest hurdles in cyber security is apathy from the general public.
“Many do not take security seriously,” he said. “Sharing passwords, writing passwords on a Post-it note and putting it on your desk, or choosing predictable, easy-to-guess passwords.”
Nearly 2 in 5 Americans shared one of their passwords with someone in 2021, according to a survey published in October. A different survey found that half of Americans believed their passwords are secure.
In a May post on the Google blog, the company’s director of product management, identity, and user security called passwords “the single biggest threat to your online security.” He said the company hopes to eliminate passwords altogether in the future.
“The internet is still suffering from that lack of foresight,” said Dr. Behzadan. “Internet protocols that were designed in the 80s are still in use, and they're still a major cause for concern in terms of cybersecurity.”
In the meantime, Google recommends using a password generator to create strong, unique passwords for every account. The company offers a password manager in its Chrome app so users don’t have to memorize everything. Similar products are available through Apple and Microsoft.