Slashdot Mirror


Less Than 1 in 10 Gmail Users Enable Two-Factor Authentication (theregister.co.uk)

It has been nearly seven years since Google introduced two-factor authentication for Gmail accounts, but virtually no one is using it. From a report: In a presentation at Usenix's Enigma 2018 security conference in California, Google software engineer Grzegorz Milka this week revealed that, right now, less than 10 per cent of active Google accounts use two-step authentication to lock down their services. He also said only about 12 per cent of Americans have a password manager to protect their accounts, according to a 2016 Pew study.

2 of 254 comments

  1. Needed it to protect my Bitcoin by Linsaran · Score: 5, Informative

    About 3 years ago someone stole roughly 2.45 BTC from me.

    The event was a real wake-up call for me security-wise. They hacked my e-mail address to access a password reset form on Coinbase and they used social engineering on my cell phone carrier to forward SMS messages (which I used as 2FA on Coinbase) to steal that money from me. Ever since then I've had all my 2FA set up through Google Authenticator instead and 2FA set up on literally everything I can.

    It was only worth about $700 at the time, but now . . .

    --
    In a bit of shameless internet panhandling, I accept Litecoin Donations at Lbd2oH9QsthD1GfuUXPyka12YxvWJYnBVf
  2. I used to, then stopped by Anonymous Coward · Score: 5, Interesting

    I had 2FA enabled, then left my phone in an Uber by accident and a subsequent passenger stole it. The emergency 2FA codes I'd printed out didn't work. In order to track and remotely disable my phone, I ended up having to use a computer which I'd thankfully left logged into Gmail to disable 2FA for my account (which for some reason it allowed me to do without any 2FA code), after which I could do what needed doing. I haven't re-enabled it since because I realized that losing or breaking my phone is frankly more likely than having my password stolen, and losing my phone with 2FA enabled can be a disaster of its own (even if emergency codes work, what if I don't have them with me? And if I need to carry them with me whenever I stray more than an hour or so from home, that makes it much more likely that the emergency codes themselves could be lost or stolen.) As I learned after that incident, any other services you've tied into Google Authenticator 2FA also become a huge hassle to regain access to, because just installing Google Authenticator on your replacement phone won't cut it.