Google replaced SMS as the default 2-Step Verification method last year with device-based Prompts. iOS users were instructed to install the Google app for two-factor authentication when logging in. To increase adoption, Google is now making 2SV available through the Gmail mobile app.
Since sending security codes through text messages is vulnerable to spoofing, Google turned to 2-Step Verification via what it calls the “Google Prompt.” Upon signing in to a Google app or service, your phone will receive a notification asking you to confirm you are logging in or reject.
In addition to being more secure, it provides more information with the Prompt highlighting what browser and operating system is being used to sign-in, the location, IP address, and the exact time.
On iOS, users were directed to install the primary Google app which offers a full Search and Feed experience. A notification would ask users to open the app where they’d be greeted with a fullscreen Prompt.
By allowing Gmail to receive 2SV, the company notes it “should encourage more people to use Google prompt” given how email is already a widely installed application — and due for a big redesign.
Interestingly, if both Google and Gmail are installed on an iPhone or iPad, the Prompt will default to the latter email client. This security functionality is rolling out to all Google users in the coming weeks.