Better experience for SMS 2-Step Verification users with Google prompt
What’s new: In February 2017, we revamped Google prompt for 2-Step Verification (2-SV), giving users a better option to keep their accounts safe. In addition to offering 2-SV over an encrypted connection, Google prompt also allows users to block unauthorized access to their account with real-time security information about the login attempt.
With this launch, 2-SV SMS users will see an invitation to try Google prompts when they sign in. The invitation will give users a way to preview the new Google prompts sign in flow instead of SMS, and, afterward, choose whether to keep it enabled or opt-out.
Overall, this is being done because SMS text message verifications and one-time codes are more susceptible to phishing attempts by attackers. By relying on account authentication instead of SMS, administrators can be sure that their mobile policies will be enforced on the device and authentication is happening through an encrypted connection.
- The notifications to test Google prompts will be shown only to 2-SV SMS users. Security key users are unaffected by this change.
- A data connection is required to use Google prompt.
- iOS users will need the Google Search app installed on their phone to use Google prompt.
- Enterprise edition domains also have the ability to enforce security keys for more advanced security requirements.
- While users may opt out of using phone prompts when shown the promotion, users will receive follow-up notifications to switch after 6 months.