by enscr 4480 days ago
Recently I lost access to an old Google account that I hadn't used in a long time. Google asked me a couple of questions, like when the account was created; I purposely entered the month incorrectly. This was followed by some other vague questions, like which other Google services I use, etc. Finally, I was surprised at how easily I was able to reset my password. An evil mind can easily compromise tonnes of accounts because there are ways to guess a lot of the data Google asks. I'll skip the details here.

Bottom line, Google & its users need to step up account security, at least for their primary account that's tied to banking etc. 2FA is definitely a temporal peace of mind until someone finds a loophole.

1 comments

Currently, the "loophole" in 2FA is that almost no one enables it. Although it's great that Google offers it, it doesn't help when >95% (just a guess off the top of my head, but seems reasonable) of people don't enable it.

I only know one person who uses 2FA, besides myself, yet almost everyone that I know uses Gmail.