Google enables new two-step 'prompt' log-in verification from your phone

Having two-step verification enabled on your Google account is an absolute must for keeping it safe, and today Google has enabled yet another way to verify your log-in attempts called a "Google prompt." Now sitting alongside the Google Authenticator app, text messages and security keys is the option to simply verify log-in attempts by unlocking a registered phone — the feature was announced today for paid Google Apps accounts, but has also been enabled for personal Google accounts as well.

Once enabled through the Google security settings online, you can choose to have your phone prompt you with a full-screen notice any time a Google account log-in attempt was made — you simply tap "yes" on your phone and the log-in will be completed on the computer you tried to log in on. (You can also tap "no" if this was an unauthorized attempt.) The only requirements are a data connection on the phone and the latest version of Google Play Services. It can even be used on an iPhone using the Google Search app.

The new two-step option is not unlike Google's Smart Lock feature on Chrome OS, which lets you unlock your Chromebook when your registered phone is within Bluetooth range and unlocked.

This new Google prompt two-step verification option removes the extra step of waiting for a text message to arrive or opening an app like Google Authenticator to enter a code — all you have to do is have your phone nearby and have it secured with a lock screen. It also can stand alongside the Google Authenticator (or a third-party authenticator) app, meaning you could have multiple devices that are able to handle log-ins. In other words, this just took away any excuse you could've previously had for not having two-step verification enabled on your account.

Andrew was an Executive Editor, U.S. at Android Central between 2012 and 2020.

  • I always admired Microsoft for doing it. I caught one attempt in my Microsoft account and simply said no. And there was a log that where it was attempted based on IP address. Glad Google is following the right direction. Simple and easy. Hopefully there is a confirmation on Yes part in case i fat finger it. Posted via the Android Central App
  • I'm sure there will be. Google has provided account login activity including the associated IP address for ages.
  • There isn't. The Yes is the confirmation. But they're big, largely-separated buttons.
  • Thanks. I haven't used it yet. Posted via the Android Central App
  • Same here, the Microsoft app has been great for this sort of thing. As many times as I'm on my MSDN account it makes it so much easier. Posted via the Android Central App
  • Set it up and works perfectly; very cool feature. Wish this was how all two-factor authentication logins were handled, instead of logging into an app, getting a code,
  • Yeah. Two days ago, I was surprised that Google asked me to do this when I logged into Gmail from a different PC. Posted via the Android Central App
  • so i just enabled this. i also changed my password at the same time. then chrome and my phone kicked my google account off to enter my password again and both asked me to use the authenticator app and not the prompt. hmmm
  • There should be backup codes in your account where you made the change. I know that saved me for quiet few times. Posted via the Android Central App
  • Well as soon as you change your google account password your phone is going to ask you to reauthenticate ... and if you haven't authenticated (or have just now authenticated) with the new password on the phone, how can they trust that link enough to use that phone as a 2nd step? Seems like a good precaution and proper security to me.
  • i get that it wouldnt send the notification to the phone when signing back in my figured it would send the notification to my phone when i signed back into chrome.
  • I'm saying that since you had just changed your password and just re-signed-in on the phone, there's a great chance that Google hadn't yet established that that device was properly authenticated and could then be used as a 2nd factor for signing into your computer. Posted via the Android Central App
  • so ive signed in to my account a few times since and its always asking me to use the google auth app. so i checked the 2FA settings under my account and it now says and and is only showing my N7 and not my N6. when i first set it up it showed both and i picked my N6.
  • Nice. Can we use this in conjunction with an authenticator app for those rare occasions when we have no data connection? It's best to assume I'm being sarcastic. if I'm ever serious I'll type "/s" to make it clear.
  • "It also can stand alongside the Google Authenticator (or a third-party authenticator) app, meaning you could have multiple devices that are able to handle log-ins."
  • Haha cool, thanks. My only defence is how late it is here :p It's best to assume I'm being sarcastic. if I'm ever serious I'll type "/s" to make it clear.
  • I admit to never having enabled two step authentication but I know I should. What do you do if you are away from home and your phone is lost or dead? I can especially see if phone was lost or stolen and I'm trying to get into Android Device Manager. Posted via the Android Central App
  • I'm with you. I just set it up, and it seems very easy, but what if there is something wrong with my phone? What is the next step?
  • When you enable two-step verification you get a set of "backup codes" that are one-time use codes that don't expire and will let you into your account. This would be a great use for those, if you were ever in a situation where your phone was lost and you needed to log into an unknown computer to wipe the phone. Google also encourages the use of a backup email and/or backup phone number that can both help with identifying you and letting you into your account.
  • There is an option to print 10 one time use codes to keep in your wallet for backup in case you don't have your mobile.
  • that doesn't seem to work. I hit the setup button and it just does nothing but attempt to load up.
  • I still see problems. If my purse is stolen, my backup codes are probably gone too. If the alternate email uses 2 step, then I can't use it either. Posted via the Android Central App
  • You've got a point. I was thinking about a similar situation I'm always facing.
    Let's say you're abroad, you don't have internet connection on your phone, you're in a cyber coffee trying to print some boarding passes (ps: they don't have wifi, only ****** computers). You try to log in into tour Gmail, of course, it will be detected as a suspicious attempt. We have two possibilities:
    1. To have the 10 backup codes on my phone (saved as a note perhaps), wallet etc.
    2. My phone is dead, I don't have the codes and I'm screwed? Of course, its SO secure that even I can get trapped on it.
  • I keep my backup codes printed out in my wallet. If I don't have my wallet on me then I have bigger problems.
  • I keep two of the codes with me and the rest are locked up at home.
  • As noted thorny really new. I've been using Smart Unlock for many months and 2SV with Authenticator Plus for years. Check out Authenticator Plus as a great upgrade from Google Authenticator since it allows you to run it on multiple devices. Glad to see Google expand their 2SV offerings even more.
  • Wow, love this feature! Posted via the Android Central App on my LG G4
  • Sadly you can't use prompt and security key a the same time. Don't know why that would be but :(
  • Sadly, it's incompatible for Yubikey users.
  • I've been using "Use your phone to sign in" since at least April. How is this new? Unless it's only new for 2-step verification which I don't have enabled. Posted via the Android Central App
  • Think the article pretty clearly states this is a feature for two-step verification users. Posted via the Android Central App
  • I've been looking forward to having this since the testing was announced ages ago.
    Would be cool to see android wear support added further down the line to make having 2 step even easier. Posted via the Android Central App
  • Just added my two Nexus phones. I rarely access my account from "non-trusted" devices, but this is very convenient for the times I do. Besides, it serves as another way to monitor unauthorized access to my accounts.
  • I've been wondering something, so maybe someone else has had this experience. I have many accounts two-factored except for my gmail account I use to log onto my phone because I have no idea how that works when you log onto an android phone the first time. So, basically, if I'm at T-Mobile getting a new phone and I try to log onto my gmail account, will it let me log onto the phone? Or will it require two factor? Obviously, since I will not have Authenticator installed, I wouldn't be able to enter the code. Or does it just let you log onto the phone with the basics of the gmail account?
  • Yes. If your SIM is in the phone, Google will send your the normal text message with the code. Android will then read the SMS message itself and authenticate your login.
  • Okay, so I don't have the SMS alert turned on. I use Authy. Is the system smart enough to know it has to send me an SMS instead? Or do I need to enable that in addition to the Authy code?
  • I think you'll need to set up SMS in addition to Authy for it to work. I haven't tried Authy before, so I may be wrong.
  • Doesn't work on N
  • I just tried it on my 5X which is on the latest beta. It worked for me.
  • Works for me with N on the Nexus 6.
  • Security Key and Google prompt can't both be activated for the same Google Account. Please clear all your Security Keys before adding Google prompt.
  • Yes I have this problem too. I have a Yubico key and cannot use both. Posted via the Android Central App
  • Anyone get this to work with Android Wear? I like how Facebook has the "Did you login? Yes, No" prompt for my Moto 360 and Google Prompt should follow suit.
  • is an absolute must for keeping it safe?? lol sure! ******* gamil and ******* two steps! I had a problem with my phone and I lost my account forever and the ******* gmail didnt help me at all!. So, yes use the ******* two steps that google and othes offers for keeping your ass safe and you will be ******!!
  • f*king android and f*uking google!!