Original source (on modern site)
Google is making some changes to the setup process for its 2FA system. Now, the company is offering new possibilities beyond the phone number. This will make things both simpler and safer. Before, you needed to add a phone number to enable 2FA in your Google account. From now on, the system will support codes with time-based validity as a "second step method" in addition to hardware security keys. This means that you can start using FIDO1 and FIDO2 keys or Android apps like Google Authenticator. This way, you don't expose yourself to potential SMS security vulnerabilities. Using Google Authenticator for the 2FA setup process in Google accounts will be as easy as doing it in any other service. You can do it through a QR code or by manually typing a configuration key. Once it is done, instead of receiving an SMS with the 2FA code, you will get it in the Authenticator app and it will be valid for a limited time. Regarding using security keys after the latest Google 2FA setup changes, the company offers two options. You can do this using the FIDO credentials assigned to the key, or by assigning a passkey. A passkey is another security system from Google itself. Its main goal is to simplify as much as possible the process of safely logging into your accounts. Once a passkey is set, you can access the account using a screen lock PIN. In the case of Workspace accounts linked to an organization, you may still need a password even after setting up a passkey. This will depend on the settings established by the organization administrator. So, the Google Authenticator method or directly using FIDO1 hardware key credentials seem to be the most recommended methods here to avoid complications.Now you can use Authenticator and FIDO security keys to setup Google 2FA