Google Strengthens Security with Enhanced 2FA for Android and iOS Users

By ChatGPT| [2/2/25]

Google has taken another major step in bolstering security for its users by enhancing its two-factor authentication (2FA) process. The latest update to Google Prompt, now rolling out via Google Play Services version 25.02.34, introduces an additional verification step, requiring users to authenticate with fingerprint, face unlock, or a PIN before confirming login attempts.

Why This Matters

Previously, users verifying their identity via Google Prompt simply needed to tap “Yes, it’s me” on their trusted device. However, in response to rising cybersecurity threats, Google has now implemented on-device authentication to prevent unauthorized access, even if an attacker gains control of a user’s phone.

How It Works

When a login attempt is detected, the user will receive a Google Prompt notification on their registered device. Instead of instantly approving the request, they must now:

1. Tap “Yes, it’s me.”
2. Use fingerprint, face unlock, or enter a PIN to confirm their identity.

This additional step makes it significantly harder for bad actors to exploit stolen devices or credentials.

Who Gets the Update?

• Android users: Enabled via Google Play Services 25.02.34
• iPhone users: Managed through the Google app or Gmail

The Bigger Picture

Google has been pushing for stronger account security, encouraging users to move away from traditional SMS-based 2FA, which is vulnerable to SIM-swapping attacks. Instead, the company recommends Google Prompt, passkeys, or security keys as safer alternatives.

Security experts have welcomed this move, praising Google for taking an Apple-like approach by enforcing biometric verification to protect sensitive account activities.

What Users Should Do

• Update Google Play Services (Android) or Google app/Gmail (iOS) to ensure the latest security features are enabled.
• Enable Google Prompt in their account settings.
• Use biometric authentication for a faster, safer login experience.
• Monitor sign-in attempts and reject any suspicious prompts immediately.

With cyber threats constantly evolving, Google’s multi-layered security approach provides users with greater protection while maintaining a seamless authentication experience.

How to Set Up Google Prompt 2FA for Enhanced Security

Google Prompt is a secure and convenient way to verify login attempts, replacing traditional SMS-based codes with real-time authentication on your trusted devices. Follow these steps to set it up on Android or iPhone.

---

Step 1: Enable 2-Step Verification (If Not Already Done)

1. Go to Google’s 2-Step Verification Page:
   • Open your browser and visit Google’s 2-Step Verification settings.
2. Sign in to Your Google Account.
3. Under “Signing in to Google”, select 2-Step Verification and click “Get Started.”
4. Follow the on-screen instructions to enable 2-Step Verification.

---

Step 2: Turn on Google Prompt

Once 2-Step Verification is enabled, do the following:

On Android

1. Ensure your phone is signed in to your Google Account.
2. Update Google Play Services to the latest version.
3. Open Settings > Google > Manage your Google Account.
4. Navigate to Security > 2-Step Verification.
5. Scroll down to Google Prompt and select Add a phone.
6. Choose your device from the list and enable Google Prompt.

On iPhone

1. Ensure your Google app or Gmail is updated to the latest version.
2. Open the Google app or Gmail app.
3. Tap your profile picture in the top right.
4. Select Manage your Google Account.
5. Go to Security > 2-Step Verification.
6. Scroll down and enable Google Prompt.

---

Step 3: Use Google Prompt for Login Approvals

Now, whenever you try to sign in on a new device:

1. A Google Prompt notification will appear on your trusted phone.
2. Tap “Yes, it’s me.”
3. Verify with fingerprint, face unlock, or PIN (new security update).
4. You’re securely signed in!

---

Additional Tips for Maximum Security

✅ Use biometric authentication for faster access.
✅ Turn off SMS 2FA (once Google Prompt is set up) to avoid SIM-swapping risks.
✅ Enable Passkeys for even stronger security (found under Google’s security settings).
✅ Monitor login activity and reject any unfamiliar sign-in attempts immediately.

---

Done! 🎉 You’ve now secured your Google account with an extra layer of protection. Need help troubleshooting? Let me know!

 

Google Just Locked Down Android—Do This On Your Phone Now

forbes.com

 Zak Doffman

---

Google’s Android lockdown is now in full flight, as the once footloose mobile OS becomes ever more like the more buttoned-down iPhone. Whether its clamping down on sideloading or older phones or poor-quality apps or stolen devices, narrowing the security and privacy gap to Apple seems to have become the primary focus.

And so it is with the latest reveal, spotted first by 9to5Google, with a major change to the Google Prompt that verifies “it’s you” when you log into your account on your phone. “Google Prompt is a pretty good 2-factor authentication (2FA) option for the vast majority of users, with Google now adding fingerprint or PIN authentication to the process. Over the past few days, we’ve started noticing an extra step after tapping ‘Yes, it’s me’ on the fullscreen ‘Are you trying to sign in’ Google Prompt.”

This security fronts your Google account, and backs up simple device security with something more robust when accessing your account itself or performing a sensitive task. The idea — as with other defenses such as theft protection — is that simple control over a device through a stolen PIN is not enough to do the most serious damage.

According to Android Authority, “any time more steps are added to a process, you can expect that process to take a little longer. Fortunately, something like scanning your finger or entering your PIN can be done pretty quickly. A few extra seconds is a fair trade for an additional layer of security.”

And while this is coming to your Android phone courtesy of Google Play Services version 25.02.34, iPhone users are not exempt. “Google Account users on iOS should start seeing the change as well,” Android Authority says. “Instead of Play Services, the Google app or Gmail is responsible for the prompt on iOS.”

Google “recommends Google prompts instead of text message (SMS) verification codes,” given that a signed-in, trusted device ecosystem with biometric security is much more secure than any form of messages 2FA combined with a username and password. It’s the same reason passkeys are set to become the norm.

The prompt method also can provide messages on other signed-in devices when a link attempt is made, enabling a much faster lockdown in the event of an unauthorized attempt. The latest security update should be welcomed by all.

Google Prompt 2FA requiring fingerprint, PIN authentication on Android

Abner Li

9to5google.com

---

Google Prompt is a pretty good 2-factor authentication (2FA) option for the vast majority of users, with Google now adding fingerprint or PIN authentication to the process.

Over the past few days, we’ve started noticing an extra step after tapping “Yes, it’s me” on the fullscreen “Are you trying to sign in” Google Prompt.

Google Play services throws up a standard (similar to what’s depicted below) “Use your screen lock” bottom sheet: google.com needs to verify it’s you. You continue to see Device, Near, and Time details in the background, while you can use fingerprint, face unlock, or PIN to proceed.

In the past, tapping ‘yes’ signs you in on your other device or asks to confirm a number that’s shown. 

This extra security doesn’t hurt and it’s pretty fast, but arguably most people just unlocked their phone to access the Google Prompt. (It’s a bit like the Google Wallet unlock verification introduced last year.) You of course have other 2FA (or 2-Step Verification in Google parlance) options like passkeys, security keys, or authenticator apps.

We’re seeing this 2FA Prompt fingerprint requirement with version 25.02.34 of Google Play services on Android. Play services powers all this on Android, while the Google app or Gmail on iOS is responsible for the Prompt.

Add 9to5Google to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

Sign in with Google prompts - Android

support.google.com

---

When you sign in to your Google Account, you can tap a notification on your phone to confirm it’s you.

You can use Google prompts to sign in:

• With your phone instead of a password
• In addition to your password when you turn on 2-Step Verification
• When you try to recover your account

Even if you haven’t turned either of these settings on, Google might also ask you to tap a notification to help confirm it’s you signing in.

Learn which devices get Google prompts

You’ll get Google prompts on any Android phone signed in to your Google Account.

How Google prompts help protect your account

We recommend Google prompts instead of text message (SMS) verification codes to help you:

• Avoid phone number-based account hacking. Hackers may try to steal verification codes to help them break into your account. Google prompts help protect against this method of account hacking by sending them more securely to only your signed in devices.
• Get more info about sign-in attempts. To help you find suspicious activity, Google prompts give you info about the device, location, and time of the sign-in attempt.
• Block suspicious activity. If you didn’t try to sign in to your account, tap No on the notification to secure your account.

Learn more about phishing attacks.

Use recommended devices & security features

If you need to sign in to a phone that isn’t yours, sign in from a private browser window. To sign out, close all private browser windows when you finish using the phone.

To help prevent use of your device by others, turn on your phone's screen lock.

Google's 2FA prompt gets an extra layer of security

Chandraveer Mathur

androidpolice.com

---

Applications

Summary

• Google introduces account protection feature requiring two-factor authentication.
• Google Prompt now has extra security with an on-device verification step.
• New security measures are part of Play Services to help prevent unauthorized account use.

Google is particular about ensuring it is you who performs actions related to your account, and the company's ever evolving security measures lay emphasis on this. Just last week, Google introduced a device protection feature that locks critical settings behind two-factor authentication when you're not in a designated safe zone. Now, we just spotted another user authentication feature from the company picking up an additional step for thorough verification.

When you sign in to your Google account on an unfamiliar device, like in the process of setting up a fresh Chrome install, or a new smart projector with Google TV, you'll see a prompt show up on a trusted device like your primary phone, seeking confirmation. This prompt asking if it's you performing the action is delivered by a simple service called Google Prompt. Usually, you can just tap Yes or No and be done with it, even from the notification shade.

However, it is easy to see how this step is practically useless if a bad actor commandeers multiple devices you own. 9to5Google just spotted Google Prompt now showing a bottom sheet after you tap Yes, it's me. This is the standard Play Services prompt that allows using the device lock methods active at the time, including fingerprint, face unlock, or a PIN.

Additional security isn't a bad thing

Doesn't take more than a second

Source: 9to5Google

Given the growing importance of passkeys, we are glad to see Google extending a similar concept of on-device user authentication to ensure accounts aren't misused. To you and me, it shouldn't take more than a few extra seconds to key in that PIN or scan a fingerprint. This workflow replaces the simpler one where you confirm a code shown on the device you're adding after tapping the Yes option.