The Google Ads API will require Multi-factor authentication (MFA), also known as 2-step verification (2SV), starting April 21, 2026, to enhance account security. MFA adds a second authentication factor beyond the password, making unauthorized access significantly harder.
What is Changing?
Users using the user authentication workflow to generate new OAuth 2.0 refresh tokens will be required to complete MFA. New users must add 2-step verification if not already enabled. Existing OAuth refresh tokens remain unaffected and will continue to work without reauthorization. The service account workflow is not affected, and no action is required for those users. Service accounts are recommended for automated or offline workflows.
Platforms Affected
Users of Google Ads Editor, Google Ads Scripts, BigQuery Data Transfer Service, and Data Studio will also face MFA challenges when managing Google Ads. Those without 2-step verification will be prompted to enable it.
How to Check and Enable MFA
Users can verify MFA status in the Security tab of their Google Account settings page under the How you sign in to Google section. If 2-Step Verification is disabled or missing, users should follow on-screen instructions to enable it. If the option is unavailable, it may be disabled by an administrator, who should be contacted for assistance.
Troubleshooting
- If 2-Step Verification is not visible, the administrator might have disabled it.
- If users encounter an error stating "Google couldn’t verify this account belongs to you" and are prompted to recover the account instead of adding 2SV, they should revisit the Security tab, enable 2SV if possible, wait a few minutes, and try signing in again.
