Google revamps two-factor authentication for enhanced security, user experience
What's the story
Google is redefining its two-factor authentication (2FA) setup process, to increase security and improve user experience. The tech giant is transitioning from the traditional method of using a phone number to initiate 2FA. Instead, users can now add a "second step method" such as an authenticator app or a hardware security key to their account. This change aims to bypass the less secure SMS verification method.
Enhanced security
New authentication options offered by Google
Google now provides users with the option to choose a time-based one-time passcode via apps like Google Authenticator, or follow steps to connect a hardware security key. The company offers two ways to link a security key: by registering a FIDO1 credential onto the hardware key, or assigning a passkey to it. However, Workspace account holders associated with an organization intending to use a passkey, may still need to sign in via a password, depending on their organization's settings.
Broad implementation
Google's revamped 2FA process rolled out to all users
The updated two-factor authentication setup process is being introduced to all Workspace users, and those with personal Google accounts. This move comes after Google began allowing users to generate passkeys last year. Since then, over 400 million accounts have adopted this enhanced security measure, demonstrating a significant uptake of the new feature among the tech giant's user base.