Starting next week Google will overhaul its two-step verification (2SV) procedure and replace one-time codes sent via SMS with prompts shown on the user's smartphone.

This change in the Google 2SV scheme comes after an increase in SS7 telephony protocol attacks that have allowed hackers to take over people's mobile phone numbers to receive one-time codes via SMS and break into user accounts.

Rollout process starts next week

The rollout process for this feature is scheduled to start next week when Google will invite users to try mobile prompts instead of receiving a one-time code via SMS.

Users need an Internet-connected smartphone to use this feature. Every time users will try to log in, Google will show a prompt on their phone asking the account owner to approve the login request.

There's no one-time code that users have to fill in, and users can authorize a login request with the tap of a button.

Google 2SV prompt

Information such as the user's device, location, and login time is shown in the prompt. Users should pay attention to these details and make sure it corresponds to the device they're using to access their account.

Mobile prompts will gradually replace SMS one-time codes

Only users with SMS-based 2SV enabled for their accounts will be invited to this program. Users can also decline Google's invitation to use mobile prompts and continue to use one-time SMS codes.

Users that utilize security keys will not be invited, as security keys are considered a more secure solution for protecting accounts.  Google says it will re-invite users to join the mobile prompt program after six months.

iOS users must have the Google Search app installed on their devices to be able to see 2SV login prompts.