Forced Compliance, a Service by Google

 Let me start by saying 2-factor authorization is a good idea. In fact, it's a great idea for security, especially if your computer or password is compromised. That being said, Google recently announced that it would automatically enroll everyone into 2-factor authorization, whether they want to be or not. 

Now, I understand Google probably has metrics on the back end showing how many accounts are compromised and how often, but to auto-enroll people into a program they may not even understand isn't the way to make things safer overall. 

Education is the best way to make the internet and e/Gmail accounts more secure. Strong passwords, not using the same password in multiple locations, using a VPN when out and about, etc. Forcing people - people like my mom or someone who only has a Gmail account because they have an Android phone - to use a service that requires their phone be by their side at all times does a disservice to everyone - everyone except Google themselves.

What do I mean by that? First you have to understand how 2-factor authorization works. Simply put:

1. You go to log into Gmail.com (or any Google service, I'm assuming) with your username and password.
2. Google then sends your phone a signal letting you know someone is trying to log into your account.
3. You accept the notice since it's you or you question the notice because someone else is trying to log into your account. 

This will happen every single time you try to log into your Google services. When you're at home? Yes. When you're at work? Yes. How about when you're visiting a friend's house and you need to print from their computer? Yep. Traveling and using the hotel's business center? Yep. Using a library computer? Yes.

You get the picture. For most of us, this won't matter, but for a few of us, this will be a daily or multiple times a day event. 

That being said, what about the very real world where you don't always have your cellphone within arm's reach? Maybe you left it upstairs or downstairs? Maybe you left it in the car? Maybe the battery is dead, or you lost it, broke it or otherwise can't access the device? What then, you can't access your Google services?

Google sent me an email stating my account was automatically switched to 2-factor authorization. I immediately switched it back to no-factor authorization for a couple of reasons.

• I have incapacitated phones in the past and may again in the future and will need access to my Google services.
• I don't always have my phone on me. It's rare, but it occasionally occurs that I leave the house without my phone and will need access to my Google services.
• The battery dies and I don't have a charging cable on me. Also rare, but also has happened. 
• Not in a cell reception or wifi area, which happens more than you'd think around here (Denver suburbs).

There are instructions on the internet on how to turn off 2-factor authorization if you need them. I'm not advising you one way or another on what to do in this situation, I'm only saying what's best for me.

Like many things Google does, they try to wrap their reasoning in "convenience" for the consumer. For example, they make you turn on location data on your Android device to use just about any feature these days, especially Maps. Forcing you into 2-factor authorization not only protects your account, but it forces you to be within arm's reach of your phone whenever you need to log in, which means more accurate tracking data of where you actually are. Which means more data about you, which means more targeted ad selling. Which equals more profits. 

If the service is free, you're the product.

If Google was really concerned about your account, they wouldn't force you into taking extra steps, they'd require stronger passwords and educate their users on the benefits of 2-factor authorization, hoping for adoption. They would be better at filtering and countering purveyors of Spam and they would flag emails that mimic legitimate websites that come from obviously fake URLs. Or, maybe they do these things and I just don't see it because I keep my online systems heavily locked down and I know what to look for in regard to fake or phishing attempts. 

YMMV