Two-factor authentication is increasingly recommended to stay safe on the internet and defend accounts from phishing attacks. Google is updating its 2-Step Verification workflow so that browsers are now responsible for walking users through using USB and Bluetooth security keys.
When 2SV is enabled on your Google Account, users first login and enter their passwords like usual. They are then prompted to insert their USB key or make sure its paired via Bluetooth, and then press the button to confirm the sign-in intent.
In the past, the dialog responsible for walking users through using a security key was from Google, the service provider. The company is now relying on browser-level prompts provided by each browser vendor. As a result, the previous animation showing the second factor method being inserted into a port is no longer available.
In the case of Chrome, it’s replaced by a dialogue that slides in from the top of the screen. Google warns that this 2FA process might now be inconsistent across Chrome, Apple Safari, Mozilla Firefox, and Microsoft Edge. The upside is that dialogues now look and feel more native to the operating system, browser, and device. It also makes for a more consistent sign-in experience across the different online services that support security keys.
With browsers now handling the workflow, Google is also tweaking the 2-Step Verification interface with new illustrations and text. Expanded Bluetooth security key support is also coming with a flag available in Chrome for Linux.
This change is available to all G Suite editions and will be on by default. It has not yet widely rolled out in our brief testing.
More about 2-Step Verification:
- G Suite admins can now disable two-factor authentication over texts, phone calls
- Google Prompt gets a Material Theme look, currently in testing w/ some Android users
- After implementing 2FA Security Keys, Google’s 85,000 employees have not been phished