What you need to know
- Google has streamlined the process of setting up two-factor authentication (2FA) for Workspace users.
- Users can now set up two-step verification without having to provide a phone number.
- Even if 2FA is disabled in your Google Account settings, your previously registered second steps and backup codes will now remain intact and will not be deleted.
Google is making it easier to set up two-factor authentication (2FA) for Workspace users, making it easier for admins to encourage members to turn on 2FA.
In a blog post, Google announced that you can now set up two-step verification without providing a phone number. Instead, you can secure your account using either the Google Authenticator app or a physical security key. Both options provide additional protection and make it harder for hackers to gain access, even if they steal your password.
Previously, you had to provide your phone number to set up two-step verification. Nowadays, many people are hesitant to share their phone numbers due to privacy concerns. Let’s face it: relying solely on SMS codes isn’t the safest approach.
While SMS verification for 2FA is better than nothing, it’s not foolproof. Google itself warns in a support document that codes sent via SMS can be vulnerable to hacks that target phone numbers.
The latest update allows you to skip the less secure SMS method and completely remove it from your security settings. By eliminating the phone number altogether, you’re opting for more secure methods like an authenticator app or security key.
Additionally, users using hardware security keys now have two options on the Passkeys and Security Keys page. You can either register a FIDO1 credential on your security key or create a passkey.
If you have a managed Google Workspace account, you may still need to sign in with your password depending on your administrator’s setup.
Another update is that your “enrolled second steps” now remain intact. If you previously disabled two-step verification in your Google Account settings, all second-step methods and saved backup codes will have been deleted. These will now be saved even if you deactivate 2FA.
However, if an admin disables 2FA for a member, all associated security measures are still removed, maintaining a comprehensive security system as before.
Google has started rolling out the update to both Workspace customers and personal account users.