Two-factor authentication — or two-step verification in Google parlance — is a minimum requirement for staying safe online. Google today revealed that it plans to automatically enroll users with “appropriately configured” accounts into 2SV methods, like the Google Prompt.
After signing in with your username and password in Gmail or other Google service, the Google Prompt appears natively on your Android phone as either a notification or a fullscreen UI. It asks if you’re “trying to sign in” and lists the device, location, and time of where the attempt was made. Users then tap “Yes” or “No, it’s not me” to proceed. On iOS, a notification is sent to either the Google or Gmail app.
It’s long been available as an option, but Google on World Password Day announced it will “start automatically enrolling users in 2SV if their accounts are appropriately configured.” Other methods available for 2SV include using a standalone or Android security key and having access to backup codes.
The company will presumably let users disable the option as it did not specify today that 2SV is now a requirement. Presumably, Google’s hope is that people stick with two-factor authentication once it’s enabled.
Overall, this app and system-based (on Android) approach is much safer than 2FA over phone numbers, which can be hacked and is still widely used by banks. Full instructions for enabling 2SV are available here.
Google today also encouraged people to use a Password Manager, with the company recommending its own built into Chrome, Android, and iOS. It features a Password Checkup feature to check for compromised credentials from past hacks. There’s also an import feature to allow people to upload up to 1,000 logins at a time from other third-party services.