Google looks to end text message 2FA with new Prompt service


Text messages are often used as a means of implementing two-factor authentication on websites and in apps but now Google is introducing its own alternative called “Google Prompt.” 

Traditionally users would receive a one-time code on their mobile device contained within a text message which they would have to enter to gain access.  Now though, they will receive a prompt asking if they are trying to sign in.  Users trying to sign in will gain access while those not expecting the login prompt will be denied. 

Google first debuted prompts within G-Suite during July as an alternative to SMS based two-factor authentication and users were invited to try out the new security feature.  Since SMS messages containing authentication codes are prone to phishing attacks, the company is now making Google Prompts the first choice when users enable two-step verification. 

However, Prompts require a data connection so SMS based two-factor authentication will still be available as an alternative alongside backup codes, Authenticator and Google's Security Keys. 

The company offered further details on how this new form of two-step verification will work in a blog post, saying: 

“This will only impact users who have not yet set up 2SV. Current 2SV users' settings will be unaffected. In addition, if a user attempts to set up 2SV but doesn’t have a compatible mobile device, he or she will be prompted to use SMS as their authentication method instead.” 

Two-step verification is fully supported right out of the box on devices running Android and iOS users will need to install the Google app in order to enable and use prompts. 

Image Credit: Bloomicon / Shutterstock