Google has introduced new methods, an updated user interface and other changes through which 2-step verification (2SV) will work for G Suite accounts.
On 26 March, Google announced three changes that will affect admins and end users of G Suite customers when they use 2SV going forward.
The first change concerns updated user interfaces for 2-step verification. Going forward, these interfaces will contain new illustrations, text, instructions in the images and dialogs in the mechanism’s flows. These alterations will all affect customers who use a Bluetooth or USB security key.
Next, Google has announced that the 2SV feature for G Suite accounts will vary across browsers. As quoted in a blog post:
You may see different flows on Chrome, Safari, Firefox, Edge, and other browsers. Previously the service provider (Google) was responsible for showing these dialogs. Now the web browser is responsible. As a result, the flow may be different on each browser.
For its last change, Google will begin rolling out Bluetooth keys as part of its 2SV process for G Suite accounts. These customers will be able enable these keys with a flag on Linux.
That being said, customers still have plenty of others ways by which they can enable 2SV. They can receive a prompt via Google Authenticator, for example. They may also use codes via text message, though phishers have proved themselves capable of bypassing this means of verification.
In terms of timing, Google will gradually roll out these changes to Rapid Release domains and Scheduled Release domains (up to 14 days for feature visibility) starting on 26 March.
Users shouldn’t just stop with their G Suite accounts. They should also make sure to enable 2SV on their other web accounts. Here’s a resource that explains how they can activate the feature on some of the Internet’s most popular websites.