Your Google Account is important. "One login, all of Google" also means one login will not only get you into all of your services and data, it potentially could let someone else in, too. And that's why, as we've told you over and over again, you need to use two-step authentication. That way, even if your password is cracked or — god forbid — stolen, any would-be trespassers have to obtain this secondary piece of verification in order to do anything. For most of us, that second step is provided by Google Authenticator, but Google has given us another method: U2F Security Keys.
Ready to unlock your key to the kingdom?
First things first, we need a USB Key, and sadly not just any USB key will do. Even if you've got a drawer full of abandoned flash drives — we know, we have them, too — we need a special kind of USB Key that is labeled as U2F-ready by the FIDO Alliance, which can be found here. The one we used is the Yubico FIDO U2F Security Key on Amazon, but there are a few others out there. It's a tiny, little key that comes in a tiny, little plastic sleeve with a tiny, little card telling you go to their website to get started. This is where the documentation and owner's manual is, so to speak, complete with instructional videos.
To link our security key to our Google Account, we first need to get into Security settings within our Account settings on a desktop or laptop computer. For any worried Chromebook users, we had no issues doing this on our Pixel. Your account settings are found by clicking your pretty little avatar on the top-right corner of most Google pages and clicking "Account."
Security settings are the second tab from the left, and where we can change our passwords and enter the wonderful world of 2-step verification. This is also the page you'll visit to tend to things such as backup emails (should you somehow lose your password), but they are redacted for now.
Once you get into the 2-step settings, you'll see four tabs. The first deals with verification codes, such as text-delivered codes and Google Authenticator. That's also where your backup codes hide, and I'd print off a page of them before you go any further. The second is app-specific passwords, which can be used for apps that don't have native 2-step support. The third is registered computers, where you can reset all computers you've heretofore certified as only needing a password rather than needed 2-step verification. And then the last tab holds our current target: Security Keys. Once your key has shown up, here's where you'll come to link this puppy up.
Here we have the actual implementation. On-screen directions make this simple as possible. You start with the key unplugged. Click the "Register" button on-screen, then plug in the key. If your key has a button, like ours, tap said button and wait until the "Register" button turns green and the "Done" button become clickable.
Now registered, it's ready to be deployed whenever you log in at your aunt's house, or your co-worker's workstation, or that shady internet cafe where your study group absolutely insists on meeting to plan that presentation. The key is a durable plastic, and while we may advocate a sleeve if your key ring is a tough place for tech, it'll be fine in your pocket while not unlocking your precious Google account.
One more beautiful aspects of USB Security Keys: you can have more than one. Security Keys like these can be left with relatives, loved ones, or in your safe deposit case in the event of your death/disappearance/faking your death in a factory fire for insurance money. And should you leave it at home, you still have Google Authenticator, SMS codes, and those backup codes you printed before adding your security key.
So you have absolutely, completely, utterly NO excuse not to turn on two-step with Google and get your security on. Do you think having a physical key to your account is for you, or will you stick to good old-fashioned 6-digit PIN codes?