Security Key and Passkey

Missa · 12-13-2023 06:26 AM

Hello community members,

I'm seeking guidance on how to maintain 2-step verification for Google Workspace accounts while disabling the Security Key and Passkey options. Is there a way to configure settings to ensure users aren't required to utilize these options while still ensuring the security of the accounts? Your insights and expertise on this matter would be greatly appreciated! Thank you in advance for your assistance

Penelope

The methods I believe are this according to https://support.google.com/a/answer/9176657:

For Methods, select the enforcement method:
- Any—Users can set up any 2SV method.
- Any except verification codes via text, phone call—Users can set up any 2SV method except using their phones to receive 2SV verification codes.
  Important: Users who use texts and phone calls to verify will be locked out of their accounts. To avoid locking out these users from their accounts:
  - Before enforcement, tell users to start using another 2SV method since 2SV codes won't be available on their phones after the enforcement date.
  - You can use the login_verification Login Audit activity event to track users who use codes from a text message or voice call. If the login_challenge_method parameter has the value idv_preregistered_phone, the user authenticates with a text or voice verification code.
- Only security key—Users must set up a security key.
  Before selecting this enforcement method, find users who already set up security keys (report data could be delayed up to 48 hours). To view real-time 2SV status for each user, go to Manage a user’s security settings.