Set up 2-Step Verification
Protect your business with 2-Step Verification
These articles are for administrators. Enterprise users should see Turn on 2-Step Verification.
Use 2-Step Verification (2SV) to protect accounts from unauthorized access. 2SV puts an extra barrier between your business and cybercriminals who try to steal usernames and passwords to access business data. Turning on 2SV is the single most important thing you can do to protect your business.
What is 2-Step Verification?
2SV requires users to verify their identity through something they know (such as a password) plus something they have (such as a physical key or access code delivered to a device). It’s also called multifactor authentication (MFA) or 2-factor authentication (2FA).
Do small businesses need 2-Step Verification?
Cybercriminals are increasingly targeting small businesses. If a hacker gets into your administrator account, they can see your email, documents, spreadsheets, financial records, and more. A hacker might be able to steal or guess a password, but they can’t reproduce something only you have.
2-Step Verification methods
Text message or phone call
Enforcement options for 2-Step Verification
You can make 2SV optional or required.
- Optional—You encourage users to use 2SV, but leave the decision up to them.
- Mandatory—You require users to use 2SV, but they choose the method.
- Mandatory security keys—You require users to use a security key as their 2SV method.
Best practices for 2-Step Verification
Enforce 2-Step Verification for administrators and key users
- The administrator account is the most powerful account because it can delete users, reset passwords, and access all your data.
- Users who work with sensitive data such as financial records and employee information should also use 2SV.
Consider using security keys in your business
- Security keys—The strongest 2SV method, and they don’t require users to enter codes or carry a mobile phone. You can buy Titan Security Keys from the Google Store or order a compatible security key from a retailer you trust.
- Alternatives to security keys—Google prompt or the Google Authenticator app are good alternatives if you decide not to use security keys. Google prompt provides a better user experience than Google Authenticator, because users simply tap their device when prompted (instead of entering a verification code).
- Text messages are discouraged—They rely on external carrier networks and might be intercepted.