As of July 7, 2020, Google will make phone verification prompts the primary Two-Step Verification (2SV) method for all G Suite users unless they are already using security keys as their 2SV/2FA method of choice. This means that if you sign in to your Google account and are also signed in on a smartphone, you will be asked to follow your phone prompts to verify the login attempt. This will help increase account security while making it easier to sign in.
Your phone will be the primary authentication method/device. The phone prompts, also known as “on-device prompts,” are more secure than text or voice codes as a form of 2-Step Verification. They’re also easier to use, as they avoid requiring users to manually enter a code received on another device. By making prompts the primary method for more users, Google hopes to help users take advantage of the additional security without having to manually change settings—though they can still use other methods of 2-Step Verification if they prefer.
We recommend Google prompts instead of text message (SMS) verification codes to help you:
–Avoid phone number-based account hacking. Hackers may try to steal verification codes to help them break into your account. Google prompts help to protect against this method of account hacking by sending them more securely to only your signed-in devices.
–Get more info about sign-in attempts. To help you find suspicious activity, Google prompts to give you info about the device, location, and time of the sign-in attempt.
–Block suspicious activity with just one tap on your device. If you didn’t try to sign in to your account, tap No on the notification to secure your account.
After you enter your password to sign in to your Google Account, Google sends a “Trying to sign in?” prompt to every eligible mobile device where you’re signed in. This prompt tells you when and where your password was entered, and then asks you to confirm or block the sign-in attempt by simply tapping your mobile device.
Users will have to tap in “Yes” so as to proceed with the next step of verification
The final step of the verification step is a number sent to a user phone to confirm that this is the same number that appears on your computer.
After tapping on the correct number on your mobile device, the user is able to login to their account safely and securely. If you’re trying to sign in and don’t get a prompt on your phone:
1. Try again. On the sign-in screen, select “Resend”.
2. Make sure your phone is connected to the Internet. You need Wi-Fi or cellular data turned on to get prompts.
3. Confirm that you’re signed in to your Google Account. Follow these steps, then try signing in again.
– On your Android, open the Settings app.
–Tap Accounts and then Google.
–Follow the steps on the screen.
You can still select a different verification method during sign-in if one is available on your account. You’ll also stop receiving prompts on a phone if you sign out of that phone. Additionally, if a user doesn’t have 2-Step Verification turned on, this will not apply. Since each personal user can choose to turn this feature on or off but it will be ON by default to every organization.
Keep sign-in simple
During sign-in, you can choose not to use 2-Step Verification again on that particular computer. From then on, that computer will only ask for your password when you sign in. You’ll still be covered because when you or anyone else tries to sign in to your account from another computer, 2-Step Verification- prompt method will be required.
To better adjust to the incoming change and ease your team’s adoption of the same,it is better for your employees/ team to start using Prompt as the default 2FA method before July 7, 2020.
From our end, we have enabled this feature to allow users to choose to use this feature if they wish. It does not make 2SV/2FA mandatory for users at this stage. But from July 7th it will be mandatory to all users unless a user personally disables the feature on their end.
-Enrolling into 2 Step Verification
Tell all users to turn ON 2SV by following these steps
Step 1.Set up 2-Step Verification
1.Go to your Google Account.
2. On the left navigation panel, click Security.
1. On the Signing into Google panel, click 2-Step Verification.
4. Click Get started.
3. Follow the steps on the screen.
Step 2: Set up backups
Backups help you get back into your account if you forget your password, lose your phone, or can’t sign in for another reason. With backups, you’re much less likely to get locked out of your account.
Disable 2-Step Verification
If a user wants to personally disable 2FA using a prompt they can do it on their own.(We highly do not recommend this). By following these steps a user will disable 2FA
1. Go to your Google Account.
2. On the left navigation panel, click Security.
3. On the Signing into Google panel, click 2-Step Verification.
4. Click on Turn Off
Access Emails on Apps that don’t Support 2SV i.e Microsoft Outlook
Programs like desktop email clients (think Microsoft Outlook or Mozilla Thunderbird or Evolution) cannot send a two-factor challenge-response.
The solution? An app-specific password, which is a special password tied to your account that’s used only for a specific program, service or situation.
How to Create Application Specific Password in Gmail and Use it in Outlook
To generate a new password for an email program, utility or add-on to access your Gmail account through IMAP or POP with two-step authentication enforced:
1. Click your name or photo near your Gmail inbox’s top right corner.
2. Tap or click the Manage your Google Account button in the sheet that has appeared.
1. Click the Security button in the left-hand sidebar.
1. Scroll to the Signing into Google section.
2. Under the Password & sign-in method section, click App passwords.
If prompted for your Gmail password, enter your password over Enter your password and click Next.
1.Make sure Mail or Other (custom name) is selected in the Select app drop-down menu. If you selected Mail, choose a computer or device from the Select device menu. If you selected Other (custom name), type the application or add-on and, optionally, device (like “Mozilla Thunderbird on my Linux laptop”) over e.g. YouTube on my Xbox.
1. Find and immediately use the password under Your app password for windows computer if you selected it. Type or paste the password into the email program, Gmail add-on or service immediately, sticky notes, or notepad. You will not see it again.
– Enter this password in Outlook prompt, That is it!!