Google Extends Multi-Factor Authentication Options With Prompt

Google yesterday released a third option for its two-step verification, complementing the Google Authenticator phone app and FIDO U2F Security Keys. This release supports moving from two-factor to a true multi-factor authentication offering

Google Prompt is a push app for mobile authentication, similar to two-factor push solutions offered by others like Duo Security. There is no authentication solution that fits everyone’s needs, and Prompt has both advantages and challenges.

Google Prompt Advantages

  • Free software to download/update on a smartphone, no additional device needed
  • Allows moving from two-factor to a true multi-factor authentication offering
  • Much easier than typing a code or PIN from Google Authenticator

Google Prompt Challenges

  • Requires a data connection
  • Does not protect against phishing and man-in-the-middle attacks
  • Does not work with non-Google services
  • Some organizations do not allow users to bring their phone to work
  • Support and backup issues when the user’s phone (a single, expensive authenticator) is lost, broken, or has a dead battery

Currently, users can’t have Security Keys and Google Prompt enabled at the same time. We expect this will change soon, as Prompt is a better phone-based complement to the Security Key than Google Authenticator.

Google has spent the past five years building its strong authentication strategy with Prompt the latest piece of that plan, which also includes multiple protocols, cross-platform support and administrative tools. Prompt is an attempt to match capabilities already available in the identity and access management market such as Okta Verify, Centrify Push, and PingID Swipe.

Google’s ultimate goal is to build an identity-as-a-service (IDaaS) for enterprises, including a host of federation options (SAML, OIDC), and management tools such as mobile device management and provisioning, which is currently being tested by Salesforce, Slack, and Facebook at Work. Google discussed this IDaaS plan in early June 2016 at the Cloud Identity Summit with focus on Google IDP, Firebase Auth, and customer facing login.

Management of the identity and authentication ecosystem is an absolute requirement for the enterprise and we applaud Google’s efforts here. Strong authentication isn’t one method used everywhere — it’s a combination of options matched to use cases.  Currently, FIDO U2F Security Keys, including YubiKeys, are proven to offer higher security, a faster login experience, and fewer support calls than any other authentication technology on the market.

YubiKey users can have one single and simple key to access a wide range of IT applications, including computers, servers, networks, leading online services and IAM platforms, as well as to sign and encrypt data.

Updated July 24, 2016 to clarify phishing, man-in-the-middle challenge

Talk to our teamTalk to our team

Share this article:


  • Mission matters – my reflections on winning the EY World Entrepreneur of the Year “This is the biggest mission any of the entrepreneurs have presented in this competition.”  I heard these words a few weeks ago from one of the judges for the EY World Entrepreneur of the Year award program – whom I had the honor to meet during the final step of the world’s largest entrepreneur competition.  […]Read moreawardsFounderStina Ehrensvard
  • Yubico recognized by TrustRadius 2025 Award for top customer reviewsAs AI-driven cyber threats like credential phishing evolve and grow in complexity, phishing-resistant YubiKeys are an important component toward cyber resilience — and our mission to make the internet more secure has never been more critical. To support this, customer feedback is something we take very seriously and is an invaluable tool to ensure we’re […]Read moreawardsTrustRadius
  • CEO Corner: Maintaining stable growth while navigating global uncertaintyAs we officially close out the first quarter of 2025,  I am pleased we saw a quarter with solid growth and profitability along with ongoing demand for phishing-resistant authentication. We continue to see new types of high-profile cyber attacks appearing regularly, and a major reason for the success of phishing attacks is stolen credentials. As […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Introducing the Yubico Academy: Enabling partners for a phishing-resistant futureAt Yubico, strong partnerships are fundamental to a more secure digital world. Our commitment goes beyond providing leading security keys; it’s about actively fostering the growth of our valued partners through impactful enablement programs. A cornerstone is the Yubico Academy, featuring our comprehensive certification program.  This program enables our partners’ teams to become Yubico experts, […]Read more