On the heels of changing how its ‘Prompt’ two-factor authentication (2FA) system works, Google announced plans to move all users to the system.
For those unfamiliar with Google Prompt, it’s a security feature that sends a notification to a smartphone that you’re currently signed into with your Google account to approve a sign-in on another device. For example, if you try to sign in to Gmail on your laptop, your smartphone will prompt you to tap ‘Yes’ to allow that login attempt.
Ultimately, Prompt acts as a more convenient and secure version of SMS-based 2FA. With those systems, online platforms send a text to your phone number with a code you type in to confirm a login attempt. Unfortunately, SMS-based 2FA can be insecure since dedicated attackers can use tricks like SIM hijacking to intercept the code.
According to a G Suite blog post, Google plans to migrate all eligible Google accounts to its Prompt system starting July 7th. That means if you currently use SMS-based 2FA to secure your Google account, that’s going to change. However, Google will still offer SMS-based 2FA and users can manually switch to those messages on the ‘myaccount.google.com‘ page under the ‘Security’ tab.
Additionally, users who already use a 2FA security key won’t be changed over since physical security keys offer even more protection.
Also on July 7th, Google plans to start pushing these security prompts to all signed-in devices — a frustrating change from the current system, which allows users to control which phones receive the prompts.
While the change to sending prompts to all phones may prove annoying, overall, Google will likely improve the security of users’ accounts by moving them away from SMS-based 2FA. It’s worth noting that while the process will begin on July 7th, it could take as long as 15 days to roll out for everyone.