Updates to Two-Factor Authentication (2FA) for the All of Us Researcher Workbench

The All of Us Researcher Workbench is improving security measures by disabling short message service (SMS) as a form of two-factor authentication (2FA). Effective August 12, 2025, SMS (text message) will no longer be supported as a Google 2FA method for login to the Researcher Workbench. Instead, users will be required to enroll in Google 2FA using Google Authenticator app. 

This change is being made to strengthen our security protocols and ensure the continued protection of All of Us participant data and platform security. This update is to align with the guidance from the NIST SP 800-63B standard. Using SMS-based 2FA is strongly discouraged due to security vulnerabilities such as interception and redirection of SMS messages.

What should I expect?

If you currently use SMS as your Google 2FA method for login to the All of Us Researcher Workbench, you must switch to the Google Authenticator app by August 12th, 2025. Failure to transition to the recommended method by this time may disrupt workbench login.

How to update your Google 2FA method

If you currently use SMS as your Google 2FA method for login to the All of Us Researcher Workbench, you must switch to the Google Authenticator app. The Google Authenticator app generates time-sensitive, one-time codes directly on your mobile device. 

Enroll in Google Authenticator App

• Download and install Google Authenticator on your mobile device (Android or iOS).
• Sign in to your @researchallofus.org Google Account on your device (computer or laptop): https://myaccount.google.com/
• Access your Security Settings > Click "Security" in the left menu.

• Under the “How you sign in to Google” section, select "Authenticator" as your verification method and select “Set up authenticator” on the following screen.

• Open the Google Authenticator app on your mobile device and scan the QR code displayed on the Google Account screen, then click Next. You should now see the @researchallofus.org account in the list on the Authenticator app.
• Enter the 6-digit code generated by the Authenticator app on the Google Account page to verify.
• Upon successful completion, you will see a green checkmark next to the Authenticator app or the date of enrollment. 

Update 2-step Verification Method in Google Profile

• After you have successfully enrolled in the Google Authenticator app, navigate back to your Security Settings > Click "Security" in the left menu.
• Under the “How you sign in to Google” section, select "2-step verification"
• Ensure 2-step verification is enabled, and is using the ‘Authenticator’

What if I do not update my Google 2FA method by August 12th?

If you attempt to login to the Researcher Workbench using the SMS method for Google 2FA after August 12th, 2025, you will be unable to access the Researcher Workbench. If this occurs, please email the All of Us Research Support team at support@researchallofus.org for assistance. To avoid any disruption to your access to the All of Us Researcher Workbench, you must update your 2FA method before August 12, 2025 by following the instructions listed above.