Want to make sure nobody can access your Google account without your permission? Make sure to choose a secure password. Want to really make sure your account is safe? Enable 2-step authentication.

Now even if someone has your password, they can’t login unless they also have a code that’s sent to your phone or other device via a text message or the Google Authenticator app.

Don’t want to use an app or wait for a text message every time you want to check your Gmail account? Now there’s a simpler way. Google now supports the FIDO Security Key platform.

google security key

That means you can buy any FIDO U2F Security Key and just connect it to your USB port before you login to your account using the Chrome web browser.

Google will automatically detect the key and won’t prompt you for a special code. You’ll still need to enter your username and password, so if someone steals your Security Key they won’t be able to access your account. But if someone has your user ID and password but doesn’t have your Security Key, they’ll be locked out of your account.

Google isn’t the only company to support the Security Key system. The FIDO U2F (Universal 2nd Factor) protocol is an open standard that covers several different technologies including USB keys like the Security Key as well as fingerprint readers, iris scanners, voice and facial recognition or Bluetooth and NFC wireless devices.

Earlier this year PayPal and Samsung were among the first companies to announce support for the FIDO ecosystem.

via Hacker News and Yubico

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign

or...

Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

2 replies on “Google Security Key prevents anyone from using your account without a USB key”

  1. I am too lazy to google it, but what happens if you loose the dongle are you forced to setup an alternative 2-factor as a backup? As a sidenote, should this standard become popular enough I can’t wait for KeePass Integration.

    1. In the screenshot, there’s a link to “Use a verification code” instead, when you set up 2-factor you are given a bunch of one-time codes to print and keep in case of such emergencies (I assume it’s the same with the hw key, at least).

Comments are closed.