Meaning of 2-Step Verification
If you have enabled 2-Step Verification on your Gmail account, you face an extra step when signing in. You receive a verification code on your registered mobile number and have to enter the same code on the screen provided. Only then will you be able to sign in to your account.
What NIST says
The US National Institute of Standards and Technology (NIST) has claimed that 2-Step Verification is insecure and that it should be banned in the future for security reasons.
You can also read NIST's exact words here:
"If the out of band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance."
2-Step Verification is insecure
So according to NIST, 2-Step Verification is insecure because it makes it too easy to gain access to your Gmail account: it is too easy to get hold of your mobile phone, and anybody who does can gain access to the verification code.
Most smartphones even show the verification code on the lock screen. This means that anyone, even someone who doesn't know your mobile password, can gain access to the verification code and, with it, to the Gmail account as well.
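The three verifier rules in the NIST text quoted above (mobile network only, code sent only to the pre-registered number, two factors to change the number), as an added example that is not code from NIST or from this page. The line-type table stands in for a carrier lookup service, and the class name, phone numbers and five-minute code lifetime are assumptions.

```python
import hmac
import secrets
import time

# Constructed stand-in for a carrier line-type lookup (hypothetical data).
LINE_TYPES = {"+15550100": "mobile", "+15550111": "voip", "+15550122": "mobile"}

class SmsOobVerifier:
    """Applies the three rules in the quoted NIST text to SMS codes."""
    CODE_TTL = 300  # seconds; assumed lifetime, not taken from the quote

    def __init__(self, line_types):
        self.line_types = line_types
        self.numbers = {}   # user -> pre-registered number
        self.pending = {}   # user -> (code, expiry time)
        self.outbox = []    # (number, code) pairs standing in for the SMS gateway

    def _require_mobile(self, number):
        # Rule 1: the number must be on a mobile network, not VoIP or software-based.
        if self.line_types.get(number) != "mobile":
            raise PermissionError("number is not on a mobile network")

    def register(self, user, number):
        self._require_mobile(number)
        self.numbers[user] = number

    def send_code(self, user, now=None):
        now = time.time() if now is None else now
        number = self.numbers[user]
        self._require_mobile(number)  # re-check: a number can later move to VoIP
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[user] = (code, now + self.CODE_TTL)
        self.outbox.append((number, code))  # Rule 2: only the pre-registered number

    def check_code(self, user, code, now=None):
        now = time.time() if now is None else now
        expected, expiry = self.pending.pop(user, ("", 0))  # codes are single use
        return now <= expiry and hmac.compare_digest(expected, code)

    def change_number(self, user, new_number, password_ok, code, now=None):
        # Rule 3: changing the number needs two factors at the time of the change.
        if not (password_ok and self.check_code(user, code, now)):
            raise PermissionError("two-factor authentication required")
        self.register(user, new_number)
```
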
NIST suggests the biometric method for better security
The biometric method lets you sign in to your account using a part of your body, whether through a retina scan or a fingerprint scanner. It is mainly said that in the future there will be an option to sign in to your account using your finger, and of course the password will still be there as well.
However, last month Google made its 2-Step Verification as fast as possible. Now we just have to tap on the verification code received on the registered mobile phone and we are done.
Hopefully these methods will arrive as early as possible, since our security will then be far better than it is today.