Google makes setting up 2-step verification easier and more secure

Google announced changes to how users can set up and manage 2-Step Verification (2SV) on their accounts. These changes can simplify the process for users and offer more ease and security.

Previously, users had to enable 2SV with a phone number before adding stronger second-factor methods like security keys or authenticator apps. Now, users can directly add these methods before even enabling 2SV, which makes the overall setup smoother.

Users may add “second step methods” (such as Google Authenticator, or a hardware security key) before turning on 2SV. This is particularly helpful for organizations using Google Authenticator (or other equivalent time-based one-time password (TOTP) apps). Previously, users had to enable 2SV with a phone number before being able to add Authenticator.

For users with hardware security keys, Google introduces two options:

• FIDO1 credential: This is the standard option, registering the key with your account.
• Passkey: This option creates a passwordless login experience on compatible devices if the organization allows it.

Another noteworthy change is that disabling 2SV won’t automatically remove your enrolled second-factor methods anymore. This can give more control and avoid accidental lockouts. But, admins can still remove them if needed for user management purposes.

Both users and administrators benefit from these changes. Users get a simpler and more secure 2SV setup process and have more options in choosing and managing their second-factor methods. Organizations can implement stronger security policies with Passkey support.

These new features are rolling out gradually to all Google Workspace users and personal Google accounts, with a complete rollout expected within three days of May 6, 2024.

More here.