Google has changed how signing in works for most users, turning on two-factor authentication as part of an effort to boost security and eventually eliminate passwords. The feature was previously opt-in only, but now it's enabled by default for millions of users. Two-factor authentication adds an extra step while signing in, requiring a phone or dedicated app verification. This change is aimed at reducing the risk of password leaks, which can allow attackers to access multiple accounts if one password is compromised. Google hopes that this move will eventually lead to a world without passwords, and some companies have already successfully implemented alternative authentication methods. Users who don't have access to their phone can still use two-factor authentication by adding backup ways to access their account or using dedicated devices like YubiKeys.