With 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account in case your password is stolen. After you set up 2-Step Verification, you’ll sign in to your account in two steps using:
- Something you know, like your password
- Something you have, like your phone
Activate 2-Step Verification
- Open your Google Account.
- In the navigation panel, select Security.
- Under “Signing in to Google,” select 2-Step Verification Get started.
- Follow the on-screen steps.
Your account, firstname.lastname@example.org, is associated with your work or school. If you can’t set up 2-Step Verification, contact your administrator.
After you turn on 2-Step Verification, you’ll need to complete a second step to verify it’s you when you sign in. To help protect your account, Google will request that you complete a specific second step.
Use Google prompts
Important: To use Google prompts, you need an Android phone with updated Google Play services.
We recommend you use Google prompts as your second step. They’re easier to enter than a verification code and can help protect against SIM swap and other phone number-based hacks.
To get Google prompts on your Google Account, you need:
- An Android phone that’s signed in to your Google Account
- An iPhone with the Smart Lock app , the Gmail app , or Google app signed in to your Google Account.
Based on the device and location info in the notification, you can:
- Tap Yes to allow sign-in.
- Tap No to block sign-in.
You can set up other verification methods in case you:
- Want increased protection against phishing
- Can’t get Google prompts
- Lose your phone
A physical security key is a small device that you can buy to help prove it’s you signing in. When we need to make sure it’s you, you can simply connect the key to your phone, tablet, or computer. Order your security keys.
You may also be able to use the security key built in to a compatible phone to sign in to new devices.
Tip: Security keys help protect your Google Account from phishing attacks, when a hacker tries to trick you into giving them your password or other personal information. Learn more about phishing attacks.
You can set up Google Authenticator or another app that creates one-time verification codes when you don’t have an internet connection or mobile service.
Enter the verification code on the sign-in screen to help verify it’s you.