Google has long offered users the ability to protect their accounts with 2-step verification. The functionality adds an additional layer of security over and above the password. It becomes impossible to change the password unless a code that’s sent to the user via SMS is entered first. However, to further improve security and mitigate the risks associated with SMS authentication services, Google is going to shift 2-Step verification from SMS to phone-based prompts.
The company announced Google prompt for 2-Step verification back in February this year. It enables users to block unauthorized access to their account with real-time security information about the login attempt.
It pushes a pop-up push notification to the user’s device and asks them to verify the attempt. This eliminates the need to enter a security code sent via SMS. Starting next week, 2-Step verification SMS users will be invited to try prompts when they sign in.
This way, they can preview the prompts and decide later whether they want to enable it or opt-out. Those who don’t want to use it can stick with the SMS-based verification system.
Google says that it’s making this shift because SMS text messages and one-time codes are more susceptible to phishing attempts by hackers.