Google Extends Multi-Factor Authentication Options With Prompt

Google yesterday released a third option for its two-step verification, complementing the Google Authenticator phone app and FIDO U2F Security Keys. This release supports moving from two-factor to a true multi-factor authentication offering

Google Prompt is a push app for mobile authentication, similar to two-factor push solutions offered by others like Duo Security. There is no authentication solution that fits everyone’s needs, and Prompt has both advantages and challenges.

Google Prompt Advantages

  • Free software to download/update on a smartphone, no additional device needed
  • Allows moving from two-factor to a true multi-factor authentication offering
  • Much easier than typing a code or PIN from Google Authenticator

Google Prompt Challenges

  • Requires a data connection
  • Does not protect against phishing and man-in-the-middle attacks
  • Does not work with non-Google services
  • Some organizations do not allow users to bring their phone to work
  • Support and backup issues when the user’s phone (a single, expensive authenticator) is lost, broken, or has a dead battery

Currently, users can’t have Security Keys and Google Prompt enabled at the same time. We expect this will change soon, as Prompt is a better phone-based complement to the Security Key than Google Authenticator.

Google has spent the past five years building its strong authentication strategy with Prompt the latest piece of that plan, which also includes multiple protocols, cross-platform support and administrative tools. Prompt is an attempt to match capabilities already available in the identity and access management market such as Okta Verify, Centrify Push, and PingID Swipe.

Google’s ultimate goal is to build an identity-as-a-service (IDaaS) for enterprises, including a host of federation options (SAML, OIDC), and management tools such as mobile device management and provisioning, which is currently being tested by Salesforce, Slack, and Facebook at Work. Google discussed this IDaaS plan in early June 2016 at the Cloud Identity Summit with focus on Google IDP, Firebase Auth, and customer facing login.

Management of the identity and authentication ecosystem is an absolute requirement for the enterprise and we applaud Google’s efforts here. Strong authentication isn’t one method used everywhere — it’s a combination of options matched to use cases.  Currently, FIDO U2F Security Keys, including YubiKeys, are proven to offer higher security, a faster login experience, and fewer support calls than any other authentication technology on the market.

YubiKey users can have one single and simple key to access a wide range of IT applications, including computers, servers, networks, leading online services and IAM platforms, as well as to sign and encrypt data.

Updated July 24, 2016 to clarify phishing, man-in-the-middle challenge

Talk to our teamTalk to our team

Share this article:


  • Works with YubiKey Spotlight: Expanded partnerships redefining phishing-resistance in 20252024 was an exciting year for Yubico and our partners. Together, we achieved remarkable milestones, launching innovative solutions and forging stronger partnerships – all aimed at delivering the most impactful cybersecurity solutions and user experience for our customers and partners. At the heart of these efforts lies a shared commitment to phishing-resistance.  From registration to […]Read moreWorks with YubiKeywwyk
  • Cybersecurity in 2025 – part two: Insights and predictions from Yubico’s expertsIn part one of our 2025 cybersecurity predictions, we highlighted insights from our experts on the topic of passkeys, digital identity wallets and the threats of AI-driven phishing – areas that saw a lot of focus in 2024, and ones that we expect to continue being a major focus this year. If you missed our […]Read morecritical infrastructurefederal governmentfinancial servicespredictions
  • Cybersecurity in 2025: Insights and predictions from Yubico’s expertsWith 2024 behind us, we saw another challenging year in the world of cybersecurity – highlighted by new and evolving threats like Artificial Intelligence (AI)-driven phishing and increasingly sophisticated cyber attacks overall. Yubico’s September Global State of Authentication Survey confirmed the challenges, even underscoring the potential risks of these new threats. The report emphasized the […]Read moreAIdigital identity walletspasskeyspredictions
  • State of Global Authentic(age)ion: A look at cybersecurity habits by generationsNo generations were left untouched when it came to the threat of hackers in 2024: from the impact of political shakeups, to increasingly sophisticated cyber attacks targeting consumers, critical industries and infrastructures, the world was on high alert. Fueled by a dramatic increase in phishing attacks circumventing certain forms of legacy multi-factor authentication (MFA), as […]Read moreState of Global Authenticationsurvey