Google’s Android lockdown is now in full flight, as the once footloose mobile OS becomes ever more like the more buttoned-down iPhone. Whether its clamping down on sideloading or older phones or poor-quality apps or stolen devices, narrowing the security and privacy gap to Apple seems to have become the primary focus.
And so it is with the latest reveal, spotted first by 9to5Google, with a major change to the Google Prompt that verifies “it’s you” when you log into your account on your phone. “Google Prompt is a pretty good 2-factor authentication (2FA) option for the vast majority of users, with Google now adding fingerprint or PIN authentication to the process. Over the past few days, we’ve started noticing an extra step after tapping ‘Yes, it’s me’ on the fullscreen ‘Are you trying to sign in’ Google Prompt.”
This security fronts your Google account, and backs up simple device security with something more robust when accessing your account itself or performing a sensitive task. The idea — as with other defenses such as theft protection — is that simple control over a device through a stolen PIN is not enough to do the most serious damage.
According to Android Authority, “any time more steps are added to a process, you can expect that process to take a little longer. Fortunately, something like scanning your finger or entering your PIN can be done pretty quickly. A few extra seconds is a fair trade for an additional layer of security.”
And while this is coming to your Android phone courtesy of Google Play Services version 25.02.34, iPhone users are not exempt. “Google Account users on iOS should start seeing the change as well,” Android Authority says. “Instead of Play Services, the Google app or Gmail is responsible for the prompt on iOS.”
Google “recommends Google prompts instead of text message (SMS) verification codes,” given that a signed-in, trusted device ecosystem with biometric security is much more secure than any form of messages 2FA combined with a username and password. It’s the same reason passkeys are set to become the norm.
The prompt method also can provide messages on other signed-in devices when a link attempt is made, enabling a much faster lockdown in the event of an unauthorized attempt. The latest security update should be welcomed by all.
