2FA with a USB key

We've gone over why using two-factor authentication on your online accounts is a good idea, and showed you how to set it up for your Google account as well as how to get started with Authy if you use more than one phone or computer. But we're not done yet!

Google offers what it calls the Advanced Protection Program for folks who need very tight security and controlled access to their account. People like executives, movie stars, politicians and the like. It uses security keys to validate who you are as a two-factor method. Advanced Protection is probably too much hassle for most of us, but a security key is an awesome little tool. It can do to help secure your Google account, and is also a cover-your-butt backup in case you lose your phone — and the authenticator app you installed on it. They're relatively cheap, easy to set up and can get you into your Google account from any computer anywhere.

What are you talking about? Why do I want one of these things?

A security key is a small plastic key-shaped device you can plug into a USB port on a Computer or use wirelessly. Some of them light up, some have a small touch-sensitive button, and some have both. But they don't really do anything, you just plug them in. At least it looks like they don't do anything.

What you can't see is the tiny chip inside the plastic. When it's powered up by putting it in a USB port or pressing the button to connect wirelessly, a secure token can be read. Software on a computer can get this token and compare it against what it expects and see if the two match. That software can use this result to do "stuff." When you go to log onto your Google account from a computer, the web page code can read one of these keys. If everything matches, you get a green light and can get into your account. If things don't match, you get an error. Everything is encrypted, everything is safe, and no two keys are the same.

A USB key is like plug-and-play account recovery.

It's a "thing you have" that can be used to authenticate who you are. When used in tandem with your username and password, it makes things very difficult for someone pretending to be you on the internet. It makes for a great piece of a 2FA scheme, but it's best to add it as a third authentication method along with the authenticator app on your phone. It's even a good idea to use more than one of them.

Let's say you get on a plane and head out somewhere nice for a week or so. During the commotion at the baggage carousel or the rental car desk, you lose (or someone steals) your carry-on. Inside were your smartphone and your laptop. If you have 2FA set up on your Google account and don't have another computer or phone that's already logged in you have three options.

  • Find those backup codes Google told you were important to print out and keep safe.
  • Call Google and work your way through their account recovery process and hope for the best. Also, hope that the information you have on file with Google is correct and you can remember it.
  • Scream and shout because you now need to make a new account and will lose everything you had before.

The first option is the best one. Those recovery codes are an easy way in, and Google even tells you how important it is to keep track of them. Mine are ... somewhere. The second option can be a crapshoot, and frankly, shouldn't even exist. Google should never give you access to a 2FA protected account if you can't provide both methods of authentication. Knowing your mother's maiden name or the name of your first pet is a ridiculous security challenge, and if I had my phone to take a call and get a code I wouldn't be asking in the first place. And the third option, well, that would suck. None of us want to think about the third option.

If you had a security key (or two) set up on your account you would have a fourth — log in at any computer, and plug your key in when asked. I have two of them — one on my keychain, and one at my house that I won't lose.

How to set up a security key

This part is easy. All you need is access to a computer with a USB port or Bluetooth — Chromebooks work just fine — and the key itself. There are links to Google's recommendations at the bottom of the page.

Visit the web page for your account settings. Here's a handy link. Click the Sign in & security link near the top, then look for the link that says 2-Step Verification under the Password & sign-in method section. If you've never set up two-factor authentication, you'll be walked through setting it up with either a text message, Google prompt on another phone, or a security key. I'd recommend you also set up another 2FA method before you set up a security key.

You'll need to provide your password and you'll see a link to set up a security key in the list of choices for 2FA if this is your first time using it or on a tab by itself at the top of the page if it is not. Click away.

They're cheap enough, so buy more than one.

Make sure your key isn't already plugged in (if it's a USB model) and click that button to see the instructions that open. Click the Register button and plug in your key or press its wireless connect button when it tells you to plug in your key. If your USB key has a "button" — a metallic round disk on one side and not really a button — you'll have to lightly place your finger on it. It's not reading your fingerprint, it's just a switch that closes the circuit so Google and your key can sync and set up a token that proves you are really you.

And you're done. It will tell you that you're done even. The next time you're at a computer and asked to log into your Google account, it will ask for your key after you've entered your password. You put it in a USB port or click its wireless connect button, and it can verify you. If you don't have your key with you, you can still use another 2FA method like the app installed on your phone. And you can have more than one key attached to your account so you have a backup of your backup.

Stay safe out there!

This post may contain affiliate links. See our disclosure policy for more details.

Latest And Best Prime Day Deals

Amazon's Fire TV Cube is down to just $70 thanks to this Prime Day deal
Amazon Fire TV Cube
$69.99 $119.99 Save $50

Save $80 on the Neato D4 robot vacuum during this Prime Day Lightning deal
Neato Robotics D4 Alexa-enabled laser-guided robot vacuum cleaner
$319.99 $400.00 Save $80

Time is running out. And so is the supply. Grab it while you can.

Grab TCL's 32-inch 720p Roku TV for less than $100 in this Prime Day Lightning deal
TCL 32S325 32-inch 720p Roku TV
$99.99 $130.00 Save $30

Act fast while you can. These Lightning deals tend to sell out quick.

The Ring Alarm security system is reaching new low prices for Prime Day
Ring Alarm home security systems

Various configurations of the Ring Alarm are discounted to their best prices yet exclusively for Prime members at Amazon through Tuesday night to help keep your home secure.

The Sonos Beam Prime Day deal includes a $40 discount and 2 $50 Amazon gift cards
The Sonos Beam Prime Day deal includes a $40 discount and $100 in Amazon gift cards
$359.00 $499.00 Save $140

That's just so much savings in one deal. You'll have to wait for the physical gift cards, but that's basically $100 to spend however you want.

Prime Day dropped this PlayStation 4 console bundle to just $250
PlayStation 4 Slim 1TB console with Marvel's Spider-Man and Horizon Zero Dawn
$249.99 $359.98 Save $110

This deal on the PlayStation 4 Slim console saves you $50 off its regular price while also including Marvel's Spider-Man and Horizon Zero Dawn Complete Edition for free. You'll just need an Amazon Prime membership to snag it.

The newest device in the Echo family, the Show 5, is now down to just $50
Echo Show 5
$49.99 $89.99 Save $40

It's only been on the market since May, but it hasn't escaped the Prime Day price cuts.

Amp up your home security with these huge Prime Day discount on nearly all Ring products
Save on Ring products today only

Whether you need a video doorbell, whole home alarm system, or some lights to brighten a dark area, Amazon has it all marked down today!

More Prime Day Deals