With 2-Step Verification (also known as two-factor authentication), you add an extra layer of security to your account in case your password is stolen. After you set up 2-Step Verification, you’ll sign in to your account in two steps using:
- Something you know, like your password
- Something you have, like your phone
Turn on 2-Step Verification
- Open your Google Account.
- In the navigation panel, select Security.
- Under “Signing in to Google,” select 2-Step Verification Get started.
- Follow the on-screen steps.
Your account, firstname.lastname@example.org, is associated with your work or school. If you can’t set up 2-Step Verification, contact your administrator.
After you turn on 2-Step Verification, you’ll need to complete a second step to verify it’s you when you sign in. To help protect your account, Google will request that you complete a specific second step.
Use Google prompts
We recommend you sign in with Google prompts. They’re easier to enter than a verification code and can help protect against SIM swap and other phone number-based hacks.
Google prompts are push notifications you get on iPhones that are signed in to your Google Account with the Smart Lock app , Gmail app , or Google app . If you sign in to another compatible phone, you automatically get Google prompts on that device, until you sign out.
Based on the device and location info in the notification, you can:
- Tap Yes to allow sign-in.
- Tap No to block sign-in.
Use other verification methods
You can set up other verification methods in case you:
- Want increased protection against phishing
- Can’t get Google prompts
- Lose your phone
Use security keys to increase phishing protection
A physical security key is a small device that you can buy to help prove it’s you signing in. When we need to make sure it’s you, you can simply connect the key to your phone, tablet, or computer. Order your security keys.
You may also be able to use the security key built in to a compatible phone to sign in to new devices.
Tip: Security keys help protect your Google Account from phishing attacks, when a hacker tries to trick you into giving them your password or other personal information. Learn more about phishing attacks.
Use Google Authenticator or other verification code apps
You can set up Google Authenticator or another app that creates one-time verification codes when you don’t have an internet connection or mobile service.
Enter the verification code on the sign-in screen to help verify it’s you.