He further said that even this 10% has had trouble figuring out how SMS authentication codes work.
Two-Factor Authentication, or 2FA, is an additional layer of security that prompts users to enter an additional bit of information before they’re allowed to log in, usually codes sent via SMS or through an app like Google Authenticator.
At the question of why Google doesn’t make 2FA default, Grzegorz Milka, the above-mentioned software engineer, answered, “It’s about how many people would we drive out if we force them to use additional security,” saying that it’s about the “usability.”
According to research, people don’t use two-factor authentication because they don’t trust it and fear that their privacy will be compromised.
Experts have agreed that these fears aren’t entirely baseless as SMS authentication has a risk of interception by attackers who spoof phone numbers. However, things have become safer since Google rolled out “Google Prompt,” which offers built-in verification in Google Play services for Android and the Google app on iOS.
The company also launched a new service called “Advanced Protection Plan” for high-profile accounts which enables them to use hardware-based USB 2FA security keys instead.