Google offers various ways to complete the cumbersome two-factor authentication (2FA) process. The basic way of SMS or a voice call requires no data, but could prove to be somewhat insecure. Meanwhile, the Google Authenticator app is more secure, but not as convenient.
In June last year, Google tried to bring the best of both worlds with Google Prompt, introducing two-step verification via push notifications; this was followed by a complete overhaul of the company’s login page this year.
Starting from next week, Google will begin pushing users who still rely on an SMS for their 2FA needs to the way of Google Prompt.
While signing in, Google will push a notification via Google Prompt on the user’s Android or iOS device – even if Google Prompt is disabled. If the user wishes to rely on their tried-and-tested method, they may skip the prompt and receive a code via SMS as they usually do.
On the other hand, iOS users will have to install the Google Search app in order to receive these push notifications.
Google says that it’s taking this step because SMS-based verification is more susceptible to phishing attacks. Google Prompt, on the other hand, uses an encrypted connection and offers real-time information about the login attempt such as the device, its location, and the time.