Google adds new ways to customize two-factor authentication

Google is making it easier to set up two-factor authentication (2FA). Instead of first entering a phone number to enable 2FA, you can now choose a “second-step method,” such as an authenticator app or hardware security key, The Verge reports.

This will avoid less secure SMS verification. Users will now be able to enter a one-time password using apps such as Google Authenticator or link a hardware security key.

Google offers two options for binding the security key, including registering a FIDO1 account on the hardware key or creating a PIN for the key.

If a registered user disables 2FA in their account settings, their registered second steps (backup codes, Google Authenticator, or phone number) will not be automatically deleted from their account.

At the same time, if the administrator disables 2FA for a user from the admin console or using the Admin SDK, the second factors will be removed. This will protect companies from potentially malicious actions of employees who have stopped working.