Resistance is futile. We’ve said it for years…enable 2FA for all of your services when available. It amazes us that there is still resistance to 2FA. Get over it. For most systems you can select to trust your device for some period of time. Normally, that means you won’t need to enter or confirm a 2FA code for weeks or until you change your password. Microsoft now includes 2FA for no additional charge for all Microsoft 365 subscriptions, but it is not enabled by default. Ars Technica reports that Google will now automatically enroll users in 2FA for “appropriately configured” accounts. Google didn’t define what “appropriately configured” means, but we’re guessing most users will finally get enrolled in 2FA.
For those that are still resistant to 2FA, Microsoft and Google have reported that having a second factor is nearly perfect in stopping account takeovers. You can’t get much better than that, especially when it is free.