Google has announced simplified 2-factor authentication setup, adding an extra layer of security to users' accounts. Users can now use an authenticator app or a hardware security key for 2FA instead of SMS-based authentication. Workspace accounts may still require passwords alongside passkeys. Google is also improving account security by not automatically removing enrolled second steps when 2FA is turned off. However, a recent study shows a vulnerability to adversary-in-the-middle attacks in some SSO solutions.
Sort: