Google is rolling out a major two-factor authentication (2FA) process update. The search giant stated " We are simplifying how users turn on 2-Step Verification (2SV), which will streamline the process, and make it easier for admins to enforce 2SV policies in their organizations," via an official blog post.
This update is intended to make installing 2FA more flexible and intuitive, making it easier for administrators to put 2FA requirements into practice. In the past, Google users had to register a phone number as their second authentication step before enabling 2FA.
However, after this update, Google users don't need to enable phone-based verification. Instead with the help of authenticator apps like Google Authenticator or physical security keys, users can set up 2FA. You can either use a security key or create a passkey and follow instructions to authenticate the process.
You can use FIDO1 or FIDO2 credentials with physical security keys. However, a PIN is mandatory on the security key if a user wants to create a passkey, which only allows you to use FIDO2 credentials. Also, for personal accounts, a password is still mandatory.
Workspace or organisation users can use the admin policy "Allow users to skip passwords at sign-in by using passkeys" to use password-less logins. If a workspace user manually turns off 2FA, the second-factor methods like security keys and backup codes won't be deleted automatically, which ensures that off off-boarding process of any employee is simplified.
Google initially rolled out Passkeys for Android and Google Chrome users in 2022, and it has now been used in more than 400 million Google accounts. We can expect this new 2FA authentication process to roll out users in the next three days.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
