Google Workspace / Gsuite – Use Authenticator/TOTP as 2FA without needing to register SMS or Physical Token

Introduction For some reason, users are forced to activate at least one 2FA method (SMS, token or cellphone alerts) before being allowed to activate TOTP (via Authenticator). SMS is an insecure method of 2FA, because telephone companies are usually susceptible to social engineering attacks that can transfer your number to an unauthorized user. If you…