Two-factor authentication is a very useful method to add an extra layer of security to your online accounts. However, it requires the repeated use of your smartphone, which is not only inconvenient but can also be a major problem if your phone is lost or breached. Hardware security keys can provide you with an additional layer of security to password-protected online accounts and, as a result, your identity. Also, they are not hard to install. Here is a guide on how to set them up for your Google account.
Security keys can be connected to your system using either USB-A, USB-C, Lightning, or NFC, and they are small and portable enough to be carried on a keychain. An exception is Yubico’s 5C Nano key, which is so small that the safest option is to keep it in your computer’s USB port. They use a variety of authentication standards, such as U2F, FIDO2, OTP, smart card, and OpenPGP 3.
When you insert a security key into your computer or connect one without a wise, your browser issues a challenge to the key, which will include the domain name of the specific site that you are attempting to access. The key then cryptographically signs and allows the challenge, which will log you into the service.
How to pair a key with your Google account
- Log in to your Google account, and choose your profile icon in the upper-right corner of the screen. Select “Manage your Google Account.”
- In the left-hand menu, press “Security.” Scroll down until you see an option that reads “Signing in to Google.” Click on the “2-step Verification” link. At this point, you may have to sign in to your account again.
- Scroll down until you see the option that reads “Add more second steps to verify it’s you”. Search for the “Security Key” option and tap on “Add Security Key.”
- A pop-up box will appear and will list all your options. These will include devices that have built-in security keys and the option to use an external security key. Choose “USB or Bluetooth / External security key.”
- You will see a box instructing you to make sure the key is nearby but not plugged in. You will also see an option to use only the security key as part of Google’s Advanced Protection Program, which is reserved for users with “high visibility and sensitive information.” With the assumption you do not fall into that category, click on “Next.”
- Name your key. Now, you can always return to your Google account’s 2FA page to rename or remove your key.