If you use 2-Step Verification (and you should), you can choose Security Key as your primary method, instead of having verification codes sent to your phone. With Security Key, there’s no looking at codes and re-typing―you simply insert your Security Key into your computer’s USB port when asked.
Is Security Key right for me?
Security Key is right for you if you want protection even beyond what using verification codes sent to your phone already gives you. Advantages include:
- Better protection against phishing. With 2-Step Verification, Google requires something you know (your password) and something you have (like your phone) to sign in. Google sends a verification code to your phone when you try to sign in to confirm it’s you. However, sophisticated attackers could set up lookalike sites that ask you to provide your verification codes to them, instead of Google. Security Key offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.
- No mobile connection or batteries needed. Security Key works without a data connection, and you can carry it wherever you go on a keychain or in your wallet.
Here are a couple of cases where you will want to use verification codes instead of a Security Key:
- You use your account only on a mobile device. Security Key requires a USB port to work, so it’s not recommended for mobile-only users.
- You don’t use Chrome. Security Key does not work on browsers other than Chrome.
Requirements for using Security Key
To use Security Key, you’ll need a computer running Google Chrome version 40 or newer on ChromeOS, Windows, Mac OS, or Linux.
If your device doesn’t support Security Key, you can still use a verification code .
How do I get a Security Key?
You can use any device compliant with the open standard called “FIDO Universal 2nd Factor (U2F)”.
You can find FIDO U2F Security Key devices for sale online