Google will default to phone notifications for two-factor sign-ins

Many will tell you that two-factor authentication is more secure without using phone numbers, and Google is putting that wisdom into practice. The internet giant will make phone verification prompts the default for two-step sign-ins for “all eligible users” starting on July 7th unless they’re already using security keys. So long as you’re signed into Google on your phone, you’ll get a notification that asks you to prove it’s really you signing in elsewhere.

You’ll still have the option of different methods (such as SMS codes) if they’re available to you, but you’ll have to choose them.

It may take as long as 15 days for the change to reach your device if you’re using a corporate or institutional account. It should ultimately improve Google account security across the board, however. Two-factor systems that rely on calls or texts are vulnerable to SIM hijacking campaigns that can effectively lock you out of your account — this limits the need for those older methods in many situations.

[Read More…]