2-Step Verification Methods
- Security Keys: Using security keys for 2-Step Verification is the most secure method for protecting against phishing threats. A security key can be a hardware security key, a Titan Security Key, or your phone’s built-in security key (available on phones running Android 7+ or iOS 10+). When a user signs in to a Google Account and the device detects that the account has a security key, the user has to connect the key by USB, Bluetooth, or NFC (Near Field Communication), depending on the type of key.
- Google Prompt: A sign-in prompt can be set up on Android or Apple mobile devices. When users sign in to their Google Account on their computer, they get a “Trying to sign in?” prompt on their mobile device. Sign-in is allowed with a simple tap. In addition to adding security, signing in this way is faster and easier than entering a verification code.
- Google Authenticator and other verification code generators: Using an app like Google Authenticator or a hardware token, users can generate one-time verification codes. Users enter their code to sign in on their computer and other devices, including mobile devices. These apps don’t need an internet connection in order to generate codes.
- Backup codes: Backup codes can be used if the user doesn’t have their mobile device or works in an area where mobile devices are not allowed.
- Text message or phone call: Mobile devices receive a 2-Step Verification code via text message or voice call from Google.
Optimal practices for 2-Step Verification
- Ensure administrators and key users are subject to 2-Step Verification: You can decide whether 2-Step Verification should be optional or mandatory for your users. However, it is highly recommended to enforce 2-Step Verification for your administrator accounts, which have all access in your organization, and for users who work with your most important business information, such as financial records and employee information.
- Consider the use of security keys in your business: Think about using security keys as a 2-Step Verification method in your business, since they are the most secure method.
  - Security keys: They don’t require users to enter codes.
  - Alternatives to security keys: You can use Google prompt or Google Authenticator if you do not wish to use security keys. With Google prompt, users simply tap their device rather than entering a verification code, so it provides a better user experience.
  - It is not recommended to use text or voice messages: Because they depend on external carriers, they might be intercepted.
Source: Mignet