What you need to know
- Google has streamlined the process of setting up two-factor authentication (2FA) for Workspace users.
- Users can now set up two-step verification without needing to provide a phone number.
- Even if 2FA is disabled in your Google account settings, your previously enrolled second steps and backup codes will now be preserved, rather than being deleted.
Google is making it easier to set up two-factor authentication (2FA) for Workspace users, so admins can more easily encourage members to turn on 2FA.
In a blog post, Google announced that you can now set up two-step verification without a phone number. Instead, you can secure your account with either the Google Authenticator app or a physical security key. Both options offer an extra layer of protection and make it much harder for hackers to gain access, even if they steal your password.
Before, you had to give out your phone number to set up two-step verification. Nowadays, many people hesitate to share their phone numbers because of privacy concerns. Let’s face it, relying solely on SMS codes isn’t the most secure approach.
While SMS verification for 2FA is better than nothing, it’s not foolproof. Google itself warns in a support document that codes sent via text messages can be vulnerable to hacks targeting phone numbers.
The latest update allows you to skip the less secure SMS method and remove it entirely from your security setup. By letting you ditch the phone number altogether, you’re opting for more secure methods like an authenticator app or security key.
Furthermore, users who use hardware security keys now have two options on the “Passkeys and security keys” page. They can either register a FIDO1 credential on their security key or create a passkey.
If you have a managed Google Workspace account, you might still need to log in with your password, depending on your administrators’ setup.
Another update is that your “enrolled second steps” will now remain intact. Previously, if you turned off two-step verification in your Google account settings, all second-step methods and saved backup codes would be deleted. Now, these will be saved even if you disable 2FA.
However, if an admin turns off 2FA for a member, all related security measures will still be removed, maintaining a thorough security system as before.
Google has begun rolling out the update to both Workspace customers and personal account users.