Google is going to start turning on two-factor authentication for users

 Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured. (You can check the status of your account in our Security Checkup).  Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone.

Source: A simpler and safer future — without passwords

When we tell a computer who we are, for the most part we only use a password. In security circles, this is call a factor, and using a password is one factor authentication, or something you know. To make it harder for someone to use your account, you can add additional factors, such as something you have or something you are. Requiring a code sent to a cellphone is using something you have to authenticate you. On the iPhone and certain Android phones, you can use face recognition or a finger print scanner to tell the computer something you are.

For people that already use something like Gmail on their phone, Google is going to start using that as a second factor. This means, when you attempt to sign in to your Google account, Google will require you to acknowledge the log in on your phone. If your password is leaked, no one will be able to use it without your phone.

As two factor authentication (Google calls it 2 step verification) becomes more popular, be aware of scams. NEVER give out a code from your phone to ANYONE. Never, never, never! No reputable company will ever ask for the two factor code over the phone.

Google’s change will not affect Google Workspace customers, such as those who use Google accounts through their school. Your school Google Admin can control the requirements for two factor.