Before explaining Google’s way of two-factor authentication, let’s look at how Google protect their users’ account if the 2FA solution is not enabled. Google detects unusual login attempts (by tracing the location or by incorrect password attempts). For example, if someone is login from Chicago and after half an hour a login attempt is made from London. Practically it is not possible. AI of Google is very smart and it considers it a suspicious attempt. In this case, Google sends a verification code to the registered email address that was previously configured with it.
Then came the two-factor authentication method. Google is continuously suggesting its users to activate the solution. In this solution, users have to pass through two different processes to complete the authentication. In this article, I am going to explain some of the 2FA techniques that Google is using.
Time-based OTP or TOTP
It is one of the most common techniques that Google is using as the second factor. In this, an OTP is sent to the user’s registered phone number or email address. The OTP is valid only for a limited period of time, after that it expires. Users have to enter the OTP within the period to complete the authentication process and to get the access.
App specific password
Google supports individual app-specific passwords for services and apps that don’t support 2FA. These passwords are created on request and can be triggered individually. There is no limit for app-specific passwords. These passwords can not be used to sign-in to Google account via web browser, restoring the backup, and initializing an Android device.
Google allows users to use FIDO a universal 2FA device for authentication. The Google security key is only supported on desktops and laptops that support Chrome 4o and above. It supports only in chrome.
These are some of the authentication ways that Google is using. Google offers several other ways to set up two-layer authentication. SIM-based authentication, Google prompt etc are some other methods that Google is using for as the second factor.
If you have any doubt, let me know in the comment box below.