Google Simplifies Two-Factor Authentication Setup Process

Google has announced an update to its two-factor authentication (2FA) process, also known as 2-step Verification (2SV), aimed at simplifying the setup and making it easier for users to secure their accounts.

The changes rolled out on Monday, May 6, 2024, will affect both personal and Google Workspace accounts.

One of the key changes is the elimination of the requirement to provide a phone number before adding an authenticator app or hardware security key as the second verification step.

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

• Real-time Detection
• Interactive Malware Analysis
• Easy to Learn by New Security Team members
• Get detailed reports with maximum data
• Set Up Virtual Machine in Linux & all Windows OS Versions
• Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

Try ANY.RUN for FREE

Users can now directly set up Google Authenticator, other time-based one-time password (TOTP) apps, or hardware security keys as their preferred 2FA method.

For those opting for hardware security keys, Google offers two options on the “Passkeys and security keys” page.

Users can either register a FIDO1 credential on the security key or create a passkey, which registers a FIDO2 credential.

The latter option requires users to set a PIN on the security key for local verification.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

Google Workspace users may still be required to enter their password alongside their passkey if the admin policy for “Allow users to skip passwords at sign-in by using passkeys” remains turned off.

However, if a user decides to turn off 2FA from their account settings, their enrolled second steps, such as backup codes or Google Authenticator, will no longer be automatically removed, unlike the previous behavior.

The update is expected to streamline the 2FA setup process and provide users with more flexibility in choosing their preferred authentication method.

It also aims to make it easier for administrators to enforce 2SV policies within their organizations, contributing to overall account security.

Google’s commitment to enhancing account security is further demonstrated by the fact that over 400 million Google accounts have started using passkeys over the past year for passwordless authentication.

As cyber threats continue to evolve, the adoption of modern authentication methods like FIDO2 becomes increasingly crucial in protecting users from phishing and session hijacking attacks.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide