What’s changing
We’re simplifying how users turn on 2-Step Verification (2SV), which will streamline the process, and make it easier for admins to enforce 2SV policies in their organizations.
Here are some of the important changes with this change:
Users may add “second step methods” (such as Google Authenticator, or a hardware security key) before turning on 2SV. This is particularly helpful for organizations using Google Authenticator (or other equivalent time-based one-time password (TOTP) apps). Previously, users had to enable 2SV with a phone number before being able to add Authenticator.
Users with hardware security keys will have two options to add them to their account on the “Passkeys and security keys” page:‘Use security key”: this registers a FIDO1 credential on the security key even if the key itself is FIDO2 capable.‘Create passkey and follow instructions to “use another device”: this registers a FIDO2 credential on the security key, and will require users to use the key’s PIN for local verification (this creates a passkey on the security key).Note: users will continue to be asked for their password along with their passkey if the admin policy for “Allow users to skip passwords at sign-in by using passkeys” remains turned OFF (this is the default configuration).
If an enrolled 2SV user turns 2SV OFF from their account settings, their enrolled second steps (such as backup codes, Google Authenticator, or second factor phone) are not automatically removed from their account. Before this change all second factors would be removed when the user turned 2SV off. Note: When an administrator turns off 2SV for a user from the Admin console or via the Admin SDK, the second factors will be removed as before, to ensure user off-boarding workflows remain unaffected
Getting started
Admins: Visit the Help Center to learn more about how to protect your business with 2-step verification.End users: Visit the Help Center to learn more about turning on 2-step verification.