Security News > 2021 > August > Google expects delays in enforcing 2FA for Chrome extension devs
Google says that enforcing two-step verification on Google accounts of Chrome Web Store developers will take longer than expected.
As first announced in June, Google will require all Chrome extension developers to enable 2-Step Verification to publish or update their extensions after August 2nd. "The Chrome Web Store will begin enforcing the Two Step Verification requirement in August, 2021," Chrome Trust & Safety Team members Rebecca Soares and Benjamin Ackerman said two months ago.
The end goal of enforcing 2FA on Chrome Web Store devs' accounts is to prevent threat actors from hijacking them and releasing malicious extension updates.
"Soon we'll start automatically enrolling users in 2SV if their accounts are appropriately configured," Google said in May. Google strives to increase its users' account security by removing the "Single biggest threat," making them easy to hack: hard-to-remember passwords or credentials stolen via data breaches and phishing.
In the first phase, the company will ask those already enrolled in 2FA to confirm their identity by tapping on a Google prompt on their smartphones whenever signing in.
To enroll in 2FA for your Google Account right now, you need to go here and click the "Get Started" button.
- Google patches 10th Chrome zero-day exploited in the wild this year (source)
- New SpookJS Attack Bypasses Google Chrome’s Site Isolation Protection (source)
- Pair of Google Chrome Zero-Day Bugs Actively Exploited (source)
- Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack (source)
- Google tests if 'Chrome/100.0' user agent breaks websites (source)
- Google: Manifest V2 Chrome extensions to stop working in 2023 (source)
- Emergency Google Chrome update fixes zero-day exploited in the wild (source)
- Google pushes emergency Chrome update to fix two zero-days (source)
- Google Emergency Update Fixes Two Chrome Zero Days (source)
- Update Google Chrome ASAP to Patch 2 New Actively Exploited Zero-Day Flaws (source)