Strengthening 2-Step Verification by showing phone prompts while making it simple to Sign in

Eddie Ngugi
Pawa IT Solutions
Jul 21, 2020

As of July 7, 2020, Google made phone verification prompts the primary 2-Step Verification (2SV) method for all Google users unless they are already using security keys as their 2SV/2FA method of choice. This means that if you sign in to your Google account and are also signed in on a smartphone, you will be asked to follow your phone prompts to verify the login attempt. This helps increase account security while making it easier to sign in.

Your phone becomes the primary authentication method/device. Phone prompts, also known as “on-device prompts,” are more secure than text or voice codes as a form of 2-Step Verification. They’re also easier to use, as they avoid requiring users to manually enter a code received on another device. By making prompts the primary method for more users, Google hopes to help users take advantage of the additional security without having to manually change settings — though they can still use other methods of 2-Step Verification if they prefer.

We recommend Google prompts instead of text message (SMS) verification codes to help you:

  • Avoid phone number-based account hacking. Hackers may try to steal verification codes to help them break into your account. Google prompts help to protect against this method of account hacking by sending them more securely to only your signed-in devices.
  • Get more info about sign-in attempts. To help you spot suspicious activity, Google prompts give you info about the device, location, and time of the sign-in attempt.
  • Block suspicious activity with just one tap on your device. If you didn’t try to sign in to your account, tap No on the notification to secure your account.

After you enter your password to sign in to your Google Account, Google sends a “Trying to sign in?” prompt to every eligible mobile device where you’re signed in. This prompt tells you when and where your password was entered, and then asks you to confirm or block the sign-in attempt by simply tapping your mobile device.

Tap “Yes” to proceed to the next verification step.

In the final step, a number is shown on your computer; to confirm that it is the same number, tap the matching number on your phone.

After tapping the correct number on your mobile device, the user is able to log in to their account safely and securely.

If you’re trying to sign in and don’t get a prompt on your phone:

  1. Try again. On the sign-in screen, select “Resend”.
  2. Make sure your phone is connected to the Internet. You need Wi-Fi or cellular data turned on to get prompts.
  3. Confirm that you’re signed in to your Google Account. Follow these steps, then try signing in again.
  • On your Android, open the Settings app.
  • Tap Accounts and then Google.
  • Follow the steps on the screen.

You can still select a different verification method during sign-in if one is available on your account. You’ll also stop receiving prompts on a phone if you sign out of that phone. Additionally, if a user doesn’t have 2-Step Verification turned on, this will not apply. Each personal user can choose to turn this feature on or off, but it is ON by default for every organization.

Keep sign-in simple

During sign-in, you can choose not to use 2-Step Verification again on that particular computer. From then on, that computer will only ask for your password when you sign in.

You’ll still be covered: when you or anyone else tries to sign in to your account from another computer, the 2-Step Verification prompt will be required.

Enabling Two-Step Verification

As a G Suite Admin, you must first enable 2-Step Verification for your organization’s G Suite account if it is not already enabled. You can then either let users choose to use it or enforce it as a mandatory security feature for every user’s account. Follow these steps:

  1. Sign in to the Google Admin console for your domain.
  2. Go to Security > 2-Step verification.
  3. Allow users to turn on 2-Step Verification themselves, or enforce it for every user in your organization, optionally choosing the date on which enforcement takes effect.

You can enable this feature across the whole organization or even for particular users within an organization unit. For example, you can set 2FA to be mandatorily enforced for users in the finance department or even your company executives.
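As an added example (not code from this post or from Google), here is a small audit an admin could run over user records in the shape returned by the Admin SDK Directory API users.list call, to see which users under an enforced organizational unit have not yet enrolled. The records are constructed sample data, and the enforced_units parameter is a hypothetical input naming the org units you have enforced (or plan to).

```python
"""Audit 2-Step Verification enrollment across a G Suite domain.

Added example, not part of the original post. It assumes user records in the
shape of the Admin SDK Directory API users.list response (fields primaryEmail,
orgUnitPath, suspended, isEnrolledIn2Sv, isEnforcedIn2Sv); fetching real ones
needs admin credentials, so constructed sample data is used so it runs offline.
"""
from collections import defaultdict

# Constructed sample records (not real accounts).
SAMPLE_USERS = [
    {"primaryEmail": "cfo@example.com", "orgUnitPath": "/Finance",
     "suspended": False, "isEnrolledIn2Sv": True, "isEnforcedIn2Sv": True},
    {"primaryEmail": "clerk@example.com", "orgUnitPath": "/Finance/AP",
     "suspended": False, "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": True},
    {"primaryEmail": "intern@example.com", "orgUnitPath": "/Sales",
     "suspended": False, "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": False},
    {"primaryEmail": "old@example.com", "orgUnitPath": "/Sales",
     "suspended": True, "isEnrolledIn2Sv": False, "isEnforcedIn2Sv": False},
]

def in_unit(path, unit):
    """True if org unit `path` is `unit` or lies beneath it ("/" covers all)."""
    return path == unit or path.startswith(unit.rstrip("/") + "/")

def audit_2sv(users, enforced_units):
    """Classify active users by 2SV state.
    enforced_units: org unit paths where the admin made 2SV mandatory, e.g.
    {"/Finance"}. A user under an enforced unit who has not enrolled is a gap
    (password-only until the enforcement date, locked out after it). Returns
    {'enrolled': [...], 'gap': [...], 'optional_not_enrolled': [...]}.
    """
    report = defaultdict(list)
    for u in users:
        if u.get("suspended"):
            continue  # suspended accounts cannot sign in at all
        enforced = u.get("isEnforcedIn2Sv") or any(
            in_unit(u.get("orgUnitPath", "/"), e) for e in enforced_units)
        if u.get("isEnrolledIn2Sv"):
            report["enrolled"].append(u["primaryEmail"])
        elif enforced:
            report["gap"].append(u["primaryEmail"])
        else:
            report["optional_not_enrolled"].append(u["primaryEmail"])
    return dict(report)

if __name__ == "__main__":
    for state, emails in audit_2sv(SAMPLE_USERS, {"/Finance"}).items():
        print(f"{state}: {', '.join(emails)}")
```

Users listed under "gap" are the ones to chase before the enforcement date, since until then their accounts are protected by the password alone.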

Enrolling a User’s Account in 2-Step Verification

If the G Suite Admin has not enforced 2SV on all accounts, tell users to turn it on themselves by following these steps.

Step 1: Set up 2-Step Verification

  1. Go to your Google Account.
  2. On the left navigation panel, click Security.
  3. On the Signing into Google panel, click 2-Step Verification.
  4. Click Get started.
  5. Follow the steps on the screen.

Step 2: Set up backups

Backups help you get back into your account if you forget your password, lose your phone, or can’t sign in for another reason. With backups, you’re much less likely to get locked out of your account.

Access Email in Apps that don’t Support 2SV, e.g. Microsoft Outlook

Programs like desktop email clients (think Microsoft Outlook, Mozilla Thunderbird or Evolution) cannot respond to a 2-Step Verification prompt.

The solution? An app-specific password, a special password tied to your account that is used only for a specific program, service, or situation. Because it lets that program in without the second factor, treat it like your account password: create one per program and revoke it when the program no longer needs access.

How to Create Application Specific Password in Gmail and Use it in Outlook

To generate a new password for an email program, utility or add-on to access your Gmail account through IMAP or POP while 2-Step Verification is turned on:

  1. Click your name or photo near the top right corner of your Gmail inbox.
  2. Tap or click the Manage your Google Account button in the sheet that appears.
  3. Click Security in the left-hand sidebar.
  4. Scroll to the Signing into Google section.
  5. Under Password & sign-in method, click App passwords. If prompted, enter your Gmail password in the Enter your password field and click Next.
  6. Make sure Mail or Other (custom name) is selected in the Select app drop-down menu. If you selected Mail, choose a computer or device from the Select device menu. If you selected Other (custom name), type the application or add-on and, optionally, the device (like “Mozilla Thunderbird on my Linux laptop”) in the field showing the placeholder “e.g. YouTube on my Xbox”.
  7. Click Generate.
  8. The password appears under Your app password for Windows computer (or whichever device you selected). Type or paste it into the email program, Gmail add-on or service right away; you will not be shown it again.
  9. Click Done.
  10. Enter this password in the Outlook password prompt. That’s it!
