Google is planning to soon make two-factor authentication default for all its users. The feature is currently optional for users, due to which most users don't activate it and get the account compromised easily. In a blog post, Mark Risher, Director of Product Management, Identity and User Security at Google, noted, "You may not realize it, but passwords are the single biggest threat to your online security – they're easy to steal, they're hard to remember, and managing them is tedious. Many people believe that a password should be as long and complicated as possible – but in many cases, this can actually increase the security risk."
As Google is used by most of the users for quick login into other services, having a vulnerable Google account can be risky. This could also be a possible factor for Google to consider making two-step verification compulsory. Two-factor authentication by default can be seen as the first step Google is taking to eliminate passwords completely.
Even though 2FA authentication is more secure, but many users do now want it for various reasons. One reason is the lack of trust over the phone number providers, which often sell personal information to advertisers. Other can be delays in OTP from the service provider or non-availability of the network.
However, Risher clarified that users would be given the opportunity to opt-out of 2FA. "More factors mean stronger protection, but we need to ensure users don't get accidentally locked out of their accounts. "