With 2-Step Verification, or two-factor authentication, you can add an extra layer of security to your account in case your password is stolen.
After you set up 2-Step Verification, you can sign in to your account with:
- Your password and a second step
- Your passkey
Tips:
- By default, when you create a passkey you opt in to a passkey-first, password-less sign in experience.
- If you always want to use your password first, you can change this default preference in your account settings.
Allow 2-Step Verification
- Open your Google Account.
- In the navigation panel, select Security.
- Under “How you sign in to Google,” select Turn on 2-Step Verification.
- Follow the on-screen steps.
Tip: If you use an account through your work, school, or other group, these steps might not work. If you can’t set up 2-Step Verification, contact your administrator for help.
Verify it’s you with a second step
Important:
- When you sign in with a passkey, it bypasses your second authentication step, since it verifies that you have possession of your device. Unlike passwords, passkeys only exist on your devices. They can’t be written down or accidentally given to a bad actor.
After you turn on 2-Step Verification, you need to complete a second step to verify it’s you if you choose to sign in with a password. To help protect your account, Google will ask you to complete a specific second step.
Use Google prompts
If you choose not to sign in with a passkey, we recommend you use Google prompts as your second step. It's easier to tap a prompt than enter a verification code. Prompts can also help protect against SIM swap and other phone number-based hacks.
You’ll receive Google prompts as push notifications on iPhones that are signed in to your Google Account with the Gmail app , the Google Photos app , the YouTube app , or the Google app .
If you sign in to another compatible phone, you automatically get Google prompts on that device, until you sign out.
Based on the device and location info in the notification, you can:
- Allow the sign-in if you requested it by tapping Yes.
- Block the sign-in if you didn’t request it by tapping No.
Use other verification methods
You can set up other verification methods in case you:
- Want increased protection against phishing
- Can’t get Google prompts
- Lose your phone
Passkeys are a simple and secure alternative to passwords. With a passkey, you can sign in to your Google Account with your fingerprint, face scan, or device screen lock, like a PIN. You can create a passkey on a phone, computer, or hardware security key. Learn how to create a passkey.
A hardware security key is a small device that you can buy to help verify it’s you when you sign in. When we need to make sure it’s you, you can simply connect the key to your phone, tablet, or computer. Learn how to order your hardware security keys.
Tip: When a hacker tries to get your password or other personal information, passkeys and hardware security keys protect your Google Account from phishing attacks. Learn more about phishing attacks.
When you don't have an internet connection or mobile service, you can set up Google Authenticator or another app that creates one-time verification codes.
To help verify it's you, enter the verification code on the sign-in screen.