# Questions - Do users have to enroll in MFA or is adding recovery information enough? - What does a registration campaign look like. ## Todo - MFA enrollment/setup/enable guide. ## Issues ### "Why you need your phone" Login Prompt Still need to figure more of this out. I believe it is prevented when you have had 2FA enabled for more than 7 days. You can temporarily bypass this by using the "prevent login challenges for 10 minutes". # Deployment Most of this is taken from the [Google Help article](https://support.google.com/a/answer/9176657?hl=en) and expanded upon. ## Step 1: Notify users of 2-Step Verification deployment - What 2SV (MFA) is and why your company is using it. - Whether 2SV is optional or required. - If required, the date by which users must turn on 2SV. - Which 2SV method is required or recommended. #### Note On Passkeys While **passkeys** [offer strong protection against phishing and password-related threats](https://security.googleblog.com/2023/05/so-long-passwords-thanks-for-all-phish.html), they are currently difficult to manage in an enterprise environment. Without third-party tools, passkeys are tied to the device they were created on, which can make account recovery and multi-device access more challenging. For now, we recommend using the more established 2SV methods listed above to ensure a smooth and secure authentication experience. ![[Google Workspace Multi-Factor Authentication Client Communication]]