--- title: "Why is Google suddenly asking for two-step verification? " description: "Is your Google account asking you to check your Android phone, or open the Gmail app on your Apple device? Nothing is broken—Google just changed how signing in works for most users." image: "https://images.ctfassets.net/lzny33ho1g45/42FwAGsDwSUT5QaU1vetqh/d9db625f9e0ecb11cee7c0a60c177ce4/google_app_tips2.png" --- # Why is Google suddenly asking for two-step verification?  Is your Google account asking you to check your Android phone, or open the Gmail app on your Apple device? Nothing is broken—Google just changed how signing in works for most users. Is your Google account asking you to check your Android phone or open the Gmail app on your Apple device? Nothing is broken—Google just changed how signing in works for most users. In May 2021, Google started turning on [two-factor authentication](https://zapier.com/blog/two-factor-authentication-2fa-guide/) for most users. Until then, the feature was opt-in only. This means millions of users are seeing the two-step verification prompt for the first time.  It's nothing to be afraid of, though. It's just an extra step while signing in.  When you see a prompt like this on your computer, simply pick up your Android phone or open the Gmail or Google app on your iPhone. You'll be asked if it's you trying to sign in.  Hit **Yes**, and that's it—your computer will sign in. It's painless, but it's also a big boost to your security.  ## Why did Google change how signing in works?  Most people [use the same password](https://zapier.com/blog/password-security/) for every service because it's easier than remembering multiple passwords or [setting up a password manager](https://zapier.com/blog/how-to-change-your-passwords/). The result: if one password leaks, an attacker can use it to access all of your accounts.  This is why Google started offering two-factor authentication a decade ago, in 2011. The idea is that you set up a second form of verification, so that an attacker with your password can't sign in. Early versions of this would send you a text message, but most security experts recommend using a dedicated app like [Authy](https://authy.com/).  Google's two-factor system is interesting because you don't have to install or set up a special app to use it: Android users get a system-wide notification, while iPhone users can see the message in the Gmail or Google app.  No major tech company has made two-factor authentication the default until now, which is probably why the vast majority of users don't use it. Google hopes that changes and is even dreaming of a world without passwords. From a [Google blog post](https://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/): > One day, we hope stolen passwords will be a thing of the past, because passwords will be a thing of the past. This isn't as absurd as it sounds. Here at Zapier, we [stopped using passwords for our internal VPN](https://zapier.com/blog/using-a-vpn-without-passwords/), and it works great. Steps like the one Google just took could help kill off passwords everywhere.  ## What if I don't have access to my phone?  What if you don't have your phone? How are you supposed to log in to your Google account? There are a few options. Head to Google's [two-step verification settings](https://myaccount.google.com/signinoptions/two-step-verification), where you can add backup ways to access your account, some of which don't require a phone. You can make a list of backup codes, which you can print out and store somewhere secure. Or you could [use a YubiKey](https://zapier.com/blog/what-is-a-yubikey/), a dedicated USB device you can plug into any computer to verify your identity. I use one of these, and it's great—you just tap a button to log in to things.  You don't need your phone to use two-factor authentication—it's just a relatively simple choice.