Starting on July 7, 2020, Google will make phone verification prompts the primary 2-Step Verification (2SV) method for all eligible users, unless they are already using security keys as their 2SV method of choice.
This means you sign in to your Google account and are also signed in on a smartphone, you will be asked to follow phone prompts to verify the login attempt. This will help increase account security while making it easier to sign in.
This won’t apply if you use a security key to protect your account. You’ll also still be able to use other methods (such as a code received by text) by selecting a different method during the phone prompt verification steps.
Why it’s important
Phone prompts, also known as “on-device prompts,” are more secure than text or voice codes as a form of 2-Step Verification. They’re also easier to use, as they avoid requiring users to manually enter a code received on another device. By making prompts the primary method for more users, Google hopes to help them take advantage of the additional security without having to manually change settings—though they can still use other methods of 2-Step Verification if they prefer.
How phone prompts work
After you enter your password to sign in to your Google Account, Google sends a “Trying to sign in?” prompt to every eligible mobile device where you’re signed in. This prompt tells you when and where your password was entered, and then asks you to confirm or block the sign-in attempt by simply tapping your mobile device. You can still select a different verification method during sign-in if one is available on your account. You’ll also stop receiving prompts on a phone if you sign out of that phone. Learn more about phone prompts.
Users with security keys are excluded from this change
Users will not have prompts as their primary 2SV method in two situations:
- If an organization enforces the “Only security key” 2-Step Verification option for a user, there will be no change and the user will continue to be required to use security keys.
- If a user currently has, or at any point in the future adds, a security key on their account, the security key verification will be presented as the primary method.
Additionally, if a user doesn’t have 2-Step Verification turned on, this will not apply.
- Admins: This feature will be ON by default. Admins can only disable the feature by requiring the use of security keys. Visit the Help Center to learn more about protecting your business with 2-Step Verification.
- End users: This feature will be ON by default and can be disabled by the user. Visit the Help Center to learn more about signing in with 2-Step Verification.
- Rapid and Scheduled Release domains: Gradual rollout (up to 15 days for feature visibility) starting on July 7, 2020
- Available to all G Suite customers and users with personal accounts.