Turning on 2-step verification
How to enable 2-step verification (2FA) for your Google Workspace account — the most important step you can take to protect your business email and files.
2-step verification (also called two-factor authentication, or 2FA) adds a second check when you sign in. Even if someone steals your password, they still can't get into your account without the second factor — usually your phone.
Quick summary
Turn on 2-step verification at myaccount.google.com → Security → 2-Step Verification. You'll be asked to confirm your identity with your phone every time you sign in from a new device. Admins can also enforce this for the whole organization.
Why this matters so much
Business email accounts are a primary target for hackers. If someone gets into your Gmail, they can:
- Read all your emails
- Reset passwords for every service that sends password resets to that address
- Impersonate you and your business
2-step verification stops this even if your password is compromised. We strongly recommend enabling it — for yourself, and for every person in your organization.
Turning on 2-step verification for yourself
1. Go to myaccount.google.com and sign in with your Workspace account.
2. Click Security in the left sidebar.
3. Find "2-Step Verification" and click on it. Click Get started.
4. Choose your second factor. Google offers several options — see below.
5. Follow the on-screen prompts to verify your chosen method is working.
6. Click Turn on. 2-step verification is now active.
Choosing your second factor
Recommended options
- Google Prompt — a notification pops up on your phone asking "Was this you?" Just tap Yes. Simple and secure.
- Authenticator app — an app like Google Authenticator or Authy generates a 6-digit code that changes every 30 seconds. Slightly more steps but works even without phone signal.
- Security key — a physical USB or NFC key. The most secure option. Best for high-value accounts.
Less recommended
SMS text message — Google texts you a code. Convenient but less secure than the options above, because a SIM-swapping attack can redirect your text messages to someone else's phone. It's still better than no 2FA at all.
We recommend Google Prompt or an authenticator app for most users.
Enforcing 2-step verification for your whole organization (admins)
As a Workspace admin, you can require all users to turn on 2-step verification — and even choose which methods are allowed.
1. Go to admin.google.com and sign in.
2. Click Security → Authentication → 2-Step Verification.
3. Click "Allow users to turn on 2-Step Verification" — this lets users turn it on voluntarily. To make it mandatory, scroll down.
4. Under "Enforcement", choose when to enforce it — you can give users a grace period (e.g., 1 week) to set it up before it becomes required.
5. Click Save.
Give users time to prepare
If you enforce 2-step verification immediately without warning, users who haven't set it up will be locked out of their accounts. Give at least a few days' notice and share instructions.
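Before the enforcement date, an admin can check who would be locked out. The script below is an added example, not part of this guide or Google's tooling: it assumes you have saved an Admin SDK Directory API `users.list` response as JSON and reads the `isEnrolledIn2Sv`, `isAdmin` and `suspended` fields of each user; the sample export and all addresses in it are constructed.

```python
import json

# Constructed sample, shaped like a Directory API users.list response.
SAMPLE_EXPORT = """{"users": [
  {"primaryEmail": "alice@example.com", "isAdmin": true,  "suspended": false, "isEnrolledIn2Sv": true},
  {"primaryEmail": "bob@example.com",   "isAdmin": true,  "suspended": false, "isEnrolledIn2Sv": false},
  {"primaryEmail": "carol@example.com", "isAdmin": false, "suspended": false, "isEnrolledIn2Sv": false},
  {"primaryEmail": "dave@example.com",  "isAdmin": false, "suspended": true,  "isEnrolledIn2Sv": false},
  {"primaryEmail": "erin@example.com",  "isAdmin": false, "suspended": false}
]}"""


def load_users(export_text):
    """Parse the export; an empty domain yields an empty list."""
    return json.loads(export_text).get("users", [])


def lockout_risk(users):
    """Active users without 2-step verification, super admins first.

    A missing isEnrolledIn2Sv field is treated as "not enrolled" so that
    incomplete records are surfaced rather than silently passed.
    """
    at_risk = [u for u in users
               if not u.get("suspended", False)
               and not u.get("isEnrolledIn2Sv", False)]
    return sorted(at_risk, key=lambda u: (not u.get("isAdmin", False), u["primaryEmail"]))


def readiness(users):
    """Summarise whether enforcement can be switched on without lockouts."""
    active = [u for u in users if not u.get("suspended", False)]
    at_risk = lockout_risk(users)
    enrolled = len(active) - len(at_risk)
    return {
        "active": len(active),
        "enrolled": enrolled,
        "percent_enrolled": round(100 * enrolled / len(active), 1) if active else 100.0,
        "at_risk": [u["primaryEmail"] for u in at_risk],
        "admins_at_risk": [u["primaryEmail"] for u in at_risk if u.get("isAdmin", False)],
        "safe_to_enforce": not at_risk,
    }


if __name__ == "__main__":
    report = readiness(load_users(SAMPLE_EXPORT))
    print(f"{report['enrolled']}/{report['active']} active users enrolled "
          f"({report['percent_enrolled']}%)")
    for email in report["at_risk"]:
        tag = " [super admin]" if email in report["admins_at_risk"] else ""
        print(f"  not enrolled: {email}{tag}")
    print("safe to enforce:", report["safe_to_enforce"])
```

Run it again near the end of the grace period and follow up with anyone still listed, starting with the super admins.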
Backup codes
When you turn on 2-step verification, generate backup codes. These are single-use codes you can use if you lose your phone.
Go to myaccount.google.com → Security → 2-Step Verification → Backup codes → Generate. Print or save them somewhere safe — not on the computer you use for work.