Google Account

Starting in 2023, Fitbit will require a Google Account to use new devices and features. As part of transitioning to a single account system, Fitbit.com is losing support for Google sign-in.

Enabling two-factor authentication for the vast majority of your online accounts is the bare minimum in this day and age. Google Pay will soon require 2FA (2SV) to “view any payment info.”

In addition to announcing initial Android and Chrome support, Google today detailed how passkeys on Android will sync to its Password Manager.

Apple, Google, Microsoft, and others in the industry want to replace website/app passwords with “passkeys” that just require you to unlock your device. Starting today, Android and Google Chrome will support signing in with passkeys.

With the launch of Fitbit’s latest devices, “Fitbit by Google” branding was introduced. The Sense 2 and Versa 4 already have a UI modeled after Wear OS 3, but the integration is getting deeper from 2023 onward when Google Accounts will be required to use Fitbit.

Following the US Supreme Court’s decision to overturn Roe v. Wade, people have raised concerns about how sensitive health and location data could be used against them. Google today announced “additional steps [it’s] taking to protect user privacy around health issues,” including auto-deleting abortion clinic visits from Location History.

The technology industry (Apple, Google, Microsoft) ultimately wants to get rid of passwords with passkeys. Until then, the Google Password Manager is starting to offer on-device encryption so that “only you can see your passwords.”

Following our report last month, Google today announced its support for “passwordless FIDO Sign-in standards” and previewed what the end-user experience of passkeys on Android and Chrome will look like. 

The security industry, as organized by the FIDO (Fast IDentity Online) Alliance, has been working to replace passwords given people’s tendency to use weak ones or reuse them. Two-factor authentication (2FA) has helped to remedy that but the future is “passkeys,” with Android and Google readying support.

For Safer Internet Day 2022, Google is previewing a handful of new features across several products, including Assistant, Fi, and Account security, and a slew of related initiatives.

Last year, Google started automatically enabling 2-Step Verification for end users. It has now successfully done so for 150 million people and this 2SV requirement has resulted in a 50% decrease of compromised Google Accounts.

Back in May, Google said it would start automatically enabling two-factor authentication on eligible accounts. As part of Cybersecurity Awareness Month, Google today provided an update on its account 2SV efforts.

Google is rolling out two security-related changes that are aimed at simplifying the process of getting 2-Step Verification (2SV) backup codes through a new page and approving permissions on the OAuth screen.

Besides appearing in the top-right corner of every Google app, your avatar is most prominently used for Gmail. A new “Google Illustrations” tool lets you find and build a custom profile picture.

Where supported, “Sign in with Google” is a convenient way to log in to third-party services without having to keep track of different passwords. Google is now consolidating its sign-in offerings, which includes the new “One Tap,” under “Google Identity Services.”

For the past few years, Google has aggressively encouraged adoption of two-factor authentication (2FA) — or 2-Step Verification (2SV) as the company refers to it. This includes physical security keys that plug in over USB, while it also offers phone security keys. The latest effort turns Chrome for Android into a security key for Google Account sign-in. 

Given the service-reliant nature, Google support for Android encompasses multiple layers. One such way is controlling Account access, and Google next month is ending sign-in support for very old versions of Android.

SMS is widely regarded as an insecure form of two-factor authentication, and another example of this has just emerged. A carrier looks to be injecting ads into the Google verification code used to sign in to services like Gmail.