90% of Users with Google Accounts Practice Unsafe Security. Do You?

sign in security feature

Only a fraction of online accounts are protected with strong passwords and two-factor authentication. Don’t be part of the 90 percent.

A surprisingly low percentage of Google account holders take the necessary steps to keep their Gmail and other Google services secure. Not only are users still using terrible passwords like “qwerty” and “password,” less than 10 percent have enabled two-factor authentication. Now is the time to evaluate your online security practices and ensure all your online accounts are as hack-proof as possible.

Are You Part of the 90 Percent?

We get news about a new major security breach from big online services regularly. The 3 billion compromised Yahoo! user accounts and the recent WannaCry ransomware attack are just two serious threats that come to mind. Despite the flurry of stolen user data, users continue to use weak passwords. This past year, “123456” was at the top of the password list. According to researchers at the security firm, SplashData, this puts out an annual report on the weakest passwords. We are in 2018 now, and it should go without saying—you need to create a strong password (better yet, a full passphrase) for everything you do online.

The other troubling statistic is that 90% of Google account users are not using Two Factor Authentication (2FA) to lock down their accounts. During a recent security code conference, Google Software Engineer, Grzegorz Milka, said less than 10 percent of Gmail users had activated 2FA to lock down and secure their accounts. This shocking statistic, despite the fact Google and all online companies have made using 2FA a lot easier.

Setting up 2FA is much easier than it was when Google first introduced it seven years ago. You can use SMS, phone calls (even landlines), or apps like Google Authenticator to get the second verification code for your accounts. So, we want everyone to take some time out of their day to create a solid security plan with strong passphrases and 2FA. Just do it! Sure, it will take a few minutes to set up, and there’s an extra step when logging into your account. But remember that convenience is the enemy of security.

For detailed step-by-step instructions on 2FA, read our article (linked below) that explains what 2FA is and how to set it up on the most popular online services:

Two Factor Authentication Guide to Secure Your Online Life

Do you use a strong password and two-factor authentication for all of your online accounts? Let us know in the comment section below.



  1. David Higginbottom

    January 24, 2018 at 6:54 am

    Can you tell me why this matters? I have not bothered as I don’t use google for anything other than searching,

    • Steve Krause

      January 24, 2018 at 3:17 pm

      The main issue is if you use your Google account for Gmail, Google Docs, Google Drive etc… In the era of machine/ai deep learning, a username and password is just not good enough any longer. To secure your account, you MUST user 2FA.

  2. john burke

    January 24, 2018 at 8:04 am

    There are systems introduced by google that are without approval of account holders that are not secure.
    the new system introduced with no opt out by account holder of grouping g mails from each source together which render access to the mail transmission required with the inevitability of that particular mail being moved to trash or all mail
    secondly if forwarding a mail item from this grouping google decides which item to forward and in my case it was not the correct mail item
    Time google returned to independent control of personel mail to the owner which would curtail the searching through grouped mail items

  3. Kevin Clemmer

    January 24, 2018 at 11:58 am

    Realistically, this is just good practice. I build systems for a living and even as well versed as I am I have NO complete idea who’s using what data for their purposes. I’ve had attempted hacks from countless entities simply looking for Bitcoin mining openings, and the typical N. Korean, Chinese and Russian probes…and I don’t use Google for anything but Email.

  4. David Higginbottom

    January 24, 2018 at 3:45 pm

    Thanks all – I steer clear of all the Google add-ons but appreciate that they are becoming hard to avoid…particularly if invited to collaborate etc. Good advice to up my security – it has not changed since Google started.

  5. Steve Krause

    January 24, 2018 at 8:24 pm

    Thanks for the reminder. Each time I log in to my Chase.com banking account, it sends me an SMS text. I’ve been meaning to enable the same for my Gmail (which I’ve now done)!

    Thanks again Brian! Happy that I’ve now joined the 10% of secure accounts! :) :)

Leave a Reply

Your email address will not be published. Required fields are marked *


To Top