Google defaults to prompts for two-step authentication

Text messages are often used as a means of implementing two-factor authentication on websites and in apps, but now Google is actively pitching its own alternative, known as Google prompt, to customers.

Traditionally users would receive a one-time code on their mobile device contained within a text message which they would have to enter to gain access. With Google’s solution though, they will receive a prompt asking if they are trying to sign in. Users trying to sign in will gain access while those not expecting the login prompt will be denied.

Google first started to promote prompts within G-Suite during July as an alternative to SMS based two-factor authentication and users were invited to try out the new security feature. Since SMS messages containing authentication codes are prone to phishing attacks, the company is now making prompts the first choice when users enable two-step verification.

However, Google prompt requires a data connection so SMS based two-factor authentication will still be available as an alternative alongside backup codes, Authenticator and Google’s Security Keys.

The company offered further details on how this new form of two-step verification will work in a blog post, saying:

This will only impact users who have not yet set up 2SV [two-step verification]. Current 2SV users’ settings will be unaffected. In addition, if a user attempts to set up 2SV but doesn’t have a compatible mobile device, he or she will be prompted to use SMS as their authentication method instead.

Two-step verification is fully supported right out of the box on devices running Android and iOS users will need to install the Google app in order to enable and use prompts.