Security-conscious Google account holders have been using Google 2-step verification for some years now. 2-step verification requires you to enter a security code sent to your registered mobile phone in addition to signing in with your username and password. Google has now made the sign-in process even more secure by adding the option to use a FIDO U2F compatible security key. U2F compatible security keys are special USB devices that look like ordinary USB flash drives but contain public-key cryptographic modules that support the U2F (Universal 2nd Factor) protocol.
To enhance Google 2-step verification with a FIDO U2F compatible security key, you need the following:
- One security key that supports the U2F protocol. You can get these from Yubico or Plug-Up International for around $6.00.
- Google Chrome web browser version 38 or later installed on Windows, Mac or Linux. No other browser supports Google’s U2F protocol yet.
Once you have installed Google Chrome on your PC and have purchased a FIDO U2F compatible security key, follow these steps to start using the security key to log in to your Google account.
- In the Google Chrome browser, sign in to your Google account. Switch to the Security section in the account settings and enable 2-step verification. For detailed instructions, see how to enable 2-step verification in Google accounts.
- On the settings page in your Google account switch to the Security section (you can open this by visiting https://www.google.com/settings/security). Click on Settings shown next to 2-step Verification.
- On the 2-step verification settings page, select the Security Keys tab and then click on the Add Security Key button.
- Click on the Register button, insert your security key into your PC’s USB port and wait. If your security key has a circular button on it, you may have to tap this button. If everything goes okay, you will see a green Registered message. The security key is now registered for use with your Google account – you can click on the Done button and remove the security key.
- Now if you try to sign in to your Google account in the Chrome web browser, you will first see the regular username and password prompt. If you enter the correct username and password, you will see a screen that waits for you to insert the security key into your computer. Once the security key is recognized, you will be signed in to your Google account.
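What the Register and sign-in steps above do cryptographically can be modelled in a few lines of Node.js; this is an added example, not code from Google or from the original article. It is a simplified model of the U2F exchange (no USB device, key handle or attestation), and the names `register`, `signIn`, `verify` and the origin `https://accounts.example` are hypothetical.

```javascript
// Simplified model of U2F registration and sign-in (added illustration).
// All function names and APP_ID are hypothetical; sample values are constructed.
const nodeCrypto = require('node:crypto');

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest();
const APP_ID = 'https://accounts.example'; // constructed origin of the service

// Bytes the key signs at sign-in:
// hash(appId) || user-presence byte || 4-byte counter || hash(clientData)
function signedData(appId, counter, clientData) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), Buffer.from([0x01]), ctr, sha256(clientData)]);
}

// "Register": the key creates a P-256 key pair; the service stores only the public key.
function register() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { privateKey, counter: 0 }, account: { publicKey, lastCounter: 0 } };
}

// Sign-in, key side: the browser supplies the origin it is actually connected to.
function signIn(device, origin, challenge) {
  device.counter += 1;
  const clientData = JSON.stringify({ challenge, origin });
  const data = signedData(origin, device.counter, clientData);
  return {
    clientData,
    counter: device.counter,
    signature: nodeCrypto.sign('sha256', data, device.privateKey),
  };
}

// Sign-in, service side: check challenge, origin, counter, then the signature.
function verify(account, challenge, resp) {
  const cd = JSON.parse(resp.clientData);
  if (cd.challenge !== challenge || cd.origin !== APP_ID) return false;
  if (resp.counter <= account.lastCounter) return false; // replayed or cloned key
  const data = signedData(APP_ID, resp.counter, resp.clientData);
  const ok = nodeCrypto.verify('sha256', data, account.publicKey, resp.signature);
  if (ok) account.lastCounter = resp.counter;
  return ok;
}
```

A response is accepted only when it was signed by the registered key, for the service's own origin, over the challenge the service just issued, with a counter higher than the last one seen.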
Conclusion: Using a U2F compatible security key with your Google account can make 2-step verification very easy and highly secure when signing in to various Google services. If you lose the security key, you can still sign in using the verification codes sent to your registered mobile phone as usual.