Want to make sure nobody can access your Google account without your permission? Make sure to choose a secure password. Want to really make sure your account is safe? Enable 2-step authentication.
Now even if someone has your password, they can’t log in unless they also have a code that’s sent to your phone or other device via a text message or the Google Authenticator app.
Don’t want to use an app or wait for a text message every time you want to check your Gmail account? Now there’s a simpler way. Google now supports the FIDO Security Key platform.
That means you can buy any FIDO U2F Security Key and just connect it to your USB port before you log in to your account using the Chrome web browser.
Google will automatically detect the key and won’t prompt you for a special code. You’ll still need to enter your username and password, so if someone steals your Security Key they won’t be able to access your account. But if someone has your user ID and password but doesn’t have your Security Key, they’ll be locked out of your account.
Google isn’t the only company to support the Security Key system. The FIDO U2F (Universal 2nd Factor) protocol is an open standard that covers several different technologies including USB keys like the Security Key as well as fingerprint readers, iris scanners, voice and facial recognition or Bluetooth and NFC wireless devices.
Earlier this year PayPal and Samsung were among the first companies to announce support for the FIDO ecosystem.
via Hacker News and Yubico
I am too lazy to google it, but what happens if you lose the dongle? Are you forced to set up an alternative 2-factor as a backup? As a sidenote, should this standard become popular enough, I can’t wait for KeePass integration.
In the screenshot, there’s a link to “Use a verification code” instead. When you set up 2-factor, you are given a bunch of one-time codes to print and keep in case of such emergencies (I assume it’s the same with the hw key, at least).