Google is “simplifying” the process of setting up two-step verification, and with this change, the previously necessary requirement for setting up this security element is removed: adding a phone number before anything else. The company is thus correcting a policy that had a reason at the time, but was not happy about it for a long time.

The two-step verification or double verification This is another layer of security that many users have already become accustomed to: a second step when logging in to an Internet service after entering the required credentials (username and password) in order to strengthen the security of said access. . And there are different ways to do it, some more recommended than others.

However, this was not always the case. The measure began to gain traction on the basis of SMS with confirmation codes, a simple procedure and within the reach of the most lay user, therefore the company required a phone number before configuring any other two-step verification method. And so it has been until now, as the Internet giant announces to all Google Workspace users.

The reason for this change is to accommodate current best practices that discourage phone use. by itselfbut rather a phone number as a way to get verification codes, because it is not a safe option: in addition to the possible loss of the device, the vulnerability of the messaging protocol itself is added, something that has warned for years, it should be noted.

It probably sounds familiar: it’s two-factor authentication using a Google prompt

Actually, Google has long favored software notifications for users who signed in to their Google account on their mobile, even though the phone number was kept as mandatory, simply to configure the relevant feature. The latter is now changing, although the option remains available.

So when a user wants to add a two-step verification method, they can choose the method they prefer: a notification or message with a Google prompt, use a dedicated app like Google Authenticator or others with the same purpose… or alternative verification codes from one-time use, were there always. You can of course also integrate an access key into this process, either in the form of a physical device or as a Passkey, although these are solutions limited to advanced users or the platform itself.

And yes, you can also use the phone number you added – in this case to verify the device – to receive a verification code, either via SMS or call. However, it should be emphasized that this is the least recommended method.

The easiest way to activate and configure two-step verification in your Google account is to do it through a web browser on your computer by entering this link (and identifying yourself with your credentials). A good recommendation in this regard is to use more than one method and make sure they are compatible with each other (for example, activating the notification and installing an authentication app on your mobile and using Passkey on your PC…).