Two-factor authentication, or as Google calls it two-step verification, is a popular security feature that adds another layer of security to the authentication process. Users who have configured two-factor authentication use a secondary authentication option, such as a code that is sent via SMS to a linked mobile device or an authentication app, to sign-in to their account.
Google customers may configure two-step verification to protect their accounts with that second security layer. Many of you have probably configured the feature already for their accounts.
Google announced this week that it will soon enforce the use of two-step verification for Google accounts. The company wants to enroll its customers automatically, provided that the account is configured properly.
Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured.
Google’s Security Checkup online tool allows users to check whether two-factor authentication can be enabled for the account and to find out which information is missing to enable the feature.
The following options are available when it comes to protecting Google accounts with two-step verification:
- Google Prompts: on Android if signed-in with the same Google Account, on iPhones, with Google’s Smart Lock app, Gmail or Google app, and being signed-in to the same account.
- Security keys: physical security keys, e.g. a Yubikey.
- Authenticator app: use of Google Authenticator or another authentication app that generates one-time security codes on demand.
- Text message or call: if a mobile phone number has been added to the account.
- Backup codes: created during setup.
Google does not mention specifically which of its customers it is going to push into using two-step verification. Any customer who has added a mobile phone number to the account or is using the same Google account on an Android device or certain Google apps on iOS, could theoretically be a targeted for the enrollment.
Now You: do you use two-factor authentication?