Google expects delays in enforcing 2FA for Chrome extension devs

Google expects delays in enforcing 2FA for Chrome extension devs

Google says that enforcing two-step verification on Google accounts of Chrome Web Store developers will take longer than expected.

As first announced in June, Google will require all Chrome extension developers to enable 2-Step Verification (aka 2FA, dual-factor authentication, or 2SV) to publish or update their extensions after August 2nd.

“The Chrome Web Store will begin enforcing the Two Step Verification requirement in August, 2021,” Chrome Trust & Safety Team members Rebecca Soares and Benjamin Ackerman said two months ago.

“Once this enforcement is applied to a given developer’s account, they will no longer be able to publish new or update existing extensions until they enable Two Step Verification.”

However, even though the deadline remains, the company says that enforcing this security change across the user base will require additional time.

“It may take several weeks for the Two Step Verification requirement to be enforced across all Chrome Web Store accounts,” they added in an update issued on Wednesday.

Blocking Google account hijacking

The end goal of enforcing 2FA on Chrome Web Store devs’ accounts is to prevent threat actors from hijacking them and releasing malicious extension updates. 

This is also part of a broader move to secure the Chrome Web Store by ensuring that developers don’t use deceptive installation tactics and spammy or repetitive content, which would lower the overall quality of extensions.

Google also wants all users to enable multi-factor authentication by default to block attackers from taking control of their accounts by guessing their passwords or using compromised credentials.

“Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured,” Google said in May.

Google strives to increase its users’ account security by removing the “single biggest threat,” making them easy to hack: hard-to-remember passwords or credentials stolen via data breaches and phishing.

In the first phase, the company will ask those already enrolled in 2FA to confirm their identity by tapping on a Google prompt on their smartphones whenever signing in.

To enroll in 2FA for your Google Account right now, you need to go here and click the “Get Started” button.

Source link

Sign up for our daily Cyber Security Analysis and Threat Intelligence news.