In my “Questions I’m Asked About Google” #1 live video stream (https://vortex.com/google-1) a few days ago, I emphasized the importance of protecting Google Accounts with Google’s excellent 2-factor authentication system.
In response I’ve received a bunch of queries from Google users who do not understand how to set this up or use it, even though they very much want to.
These concerns fall into a number of categories. Even though I explained that it’s safe to give your phone number to Google — Google won’t abuse it — many users are still resistant, and note that they do not see a way to activate Google 2-factor protection for other authentication mechanisms (e.g. Google Authenticator App and/or Backup Codes) without first providing their phone number information.
Others want to use their existing (non-Google) mail programs after activating Google 2-factor, but are utterly confused by Google’s “application-specific passwords” system that is required to do so.
When you’re trying to get users to take advantage of the best possible security, and have successfully convinced them that this is a good idea, but your documentation is still written in a way that many non-techie users dependent on your services cannot readily understand — you have a serious problem.
Despite positive strides at Google in terms of help center and other documentation resources, Google is still leaving vast numbers of their users behind.
Google can do better.