Tuesday, November 12, 2024
Homecyber securityGoogle Simplifies Two-Factor Authentication Setup Process

Google Simplifies Two-Factor Authentication Setup Process

Published on

Malware protection

Google has announced an update to its two-factor authentication (2FA) process, also known as 2-step Verification (2SV), aimed at simplifying the setup and making it easier for users to secure their accounts.

The changes rolled out on Monday, May 6, 2024, will affect both personal and Google Workspace accounts.

One of the key changes is the elimination of the requirement to provide a phone number before adding an authenticator app or hardware security key as the second verification step.

- Advertisement - SIEM as a Service
Document

Integrate ANY.RUN in Your Company for Effective Malware Analysis

Are you from SOC, Threat Research, or DFIR departments? If so, you can join an online community of 400,000 independent security researchers:

  • Real-time Detection
  • Interactive Malware Analysis
  • Easy to Learn by New Security Team members
  • Get detailed reports with maximum data
  • Set Up Virtual Machine in Linux & all Windows OS Versions
  • Interact with Malware Safely

If you want to test all these features now with completely free access to the sandbox:

Users can now directly set up Google Authenticator, other time-based one-time password (TOTP) apps, or hardware security keys as their preferred 2FA method.

For those opting for hardware security keys, Google offers two options on the “Passkeys and security keys” page.

Users can either register a FIDO1 credential on the security key or create a passkey, which registers a FIDO2 credential.

The latter option requires users to set a PIN on the security key for local verification.

On-Demand Webinar to Secure the Top 3 SME Attack Vectors: Watch for Free.

Google Workspace users may still be required to enter their password alongside their passkey if the admin policy for “Allow users to skip passwords at sign-in by using passkeys” remains turned off.

However, if a user decides to turn off 2FA from their account settings, their enrolled second steps, such as backup codes or Google Authenticator, will no longer be automatically removed, unlike the previous behavior.

The update is expected to streamline the 2FA setup process and provide users with more flexibility in choosing their preferred authentication method.

It also aims to make it easier for administrators to enforce 2SV policies within their organizations, contributing to overall account security.

Google’s commitment to enhancing account security is further demonstrated by the fact that over 400 million Google accounts have started using passkeys over the past year for passwordless authentication.

As cyber threats continue to evolve, the adoption of modern authentication methods like FIDO2 becomes increasingly crucial in protecting users from phishing and session hijacking attacks.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Tor Network Suffers IP Spoofing Attack Via Non-Exit Relays

In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting...