Google has announced that it is streamlining the process of setting up 2-Step Verification (2SV) for user accounts. Users can now enable 2SV without adding a phone number.
Prior to this change, Google required users to provide their phone number, before they could set up a 2SV method. Now, when you go to your account settings and enroll into the verification method, you can skip the phone number if you want to use one of the other methods.
While the article published by Google highlights the fact that this change will aid admins to enforce 2SV policies in their organizations, this is a welcome move for all users. That's because relying on a phone number is not a secure option, since SMS based one-time passcodes (OTPs) can be obtained by hackers, of if your device is stolen.
Google no longer requires users to add a phone number before setting up 2-Step Verification
Google lets you choose between 3 options for setting up a 2-step verification. You may opt to use an authenticator app like Google Authenticator or Microsoft Authenticator. I would suggest looking into open source alternatives such as Aegis Authenticator for Android, or 2FAS (Android, iOS) or Ente Auth (Android, iOS).
Optionally, you can use a hardware security key such as a YubiKey to protect your Google account. Google says that the keys will be registered as FIDO1 credential even if the key is FIDO2 capable. On the other hand, you can create a passkey for your Google account, and this will register it as a FIDO2 credential. A passkey will require users to input their key's PIN for local verification.
On a side note, Microsoft recently added support for Passkeys for all user accounts. WhatsApp Messenger also introduced Passkeys to allow users to relogin to their accounts securely. Bitwarden Password Manager now supports passkeys on Android and iOS. It is clear that passkeys are quickly rising in popularity. As a matter of fact, Google recently revealed that its users have used passkeys for authentication over 1 billion times across over 400 million accounts in less than a year. Interested in setting it up? Follow our tutorial to create a passkey for your Google account using your fingerprint reader, Face ID, or your device's screen lock code.
The Mountain View company also says that when a user who had 2SV enabled for their account disables the setting, other enrolled second steps such as backup codes, Google Authenticator, or a second factor phone, will not be removed automatically from their account anymore. This will likely be helpful in preventing users from being locked out of their accounts, especially when switching to a new device.
The best part is that the new 2-Step Verification process is not exclusive to Google Workspace customers, it is available for all users including personal accounts. The announcement mentions that the change is being implemented over the next two days. If you have not done so already, you can enable 2-step verification for your Google Account from your Account's security page. Enabling 2SV will protect your account from being hacked, even if your password is leaked.
Which 2SV method do you use, an authenticator app or a hardware security key?
Thank you for being a Ghacks reader. The post Google now lets you set up 2-Step Verification without adding a phone number appeared first on gHacks Technology News.
0 Commentaires