Extra Protection For Your Google Account With USB Based Security Key

GMail got "security key" as one more layer of security other than the 2-step-verification method. 'Security Key' is a physical USB device that can be used as a second factor of authentication. The important thing is you can use both the good old 2-step-verification as well as 'Security Key' method simultaneously.

What Is Security Key:

Security key is a encrypted physical USB device, FIDO ready (look like a USB drive) that will act as a second factor of user identification and assure you that the website you are visiting is real (In chrome).

Can I Use USB Pen Drive As Security Key:

No. You have to buy it. Here is amazon link suggested by Google (I am not affiliate)

Why Use Security Key?

• Even though you are using 2-step-verification, you are not sure that if the site you are entering your credentials is really Google.com . Hackers may create exactly similar look alike copy of GMail and when you enter your user ID and password and then the OTP, you are hacked.
• Security key is physical security and no one can replicate it.
• No need of mobile.

Why Not Use?

• You can not use it with Mobile.
• You can not use it with other browser than Google Chrome.

Requirements For Using Security Key:

• Google Chrome version 38 or newer.
• FIDO ready security key.

Got The Key, Here How To Activate / Register The Security Key:

• Go to Add a security key page in your Google account page
• If your key has button, tap the button when prompted.
• If your button do not have button, and you have already inserted the key, remove it and reinsert it.
• More about it Depending on your security key have button or not, do this.
• Click Register.

I Registered The Key, How To Use It?

• Enter your user id and password as usual.
• Google Chrome will as you for the security key. Insert the key or tap the button.

Remember:

• Just like 2 factor authentication, you can set the Google Chrome not to ask for the key next time you log in on same computer.
• When you try to sign in from other computer, you require the key.
• You can still keep using 2-step-verification.
• When not using Chrome or log in from mobiles, you will be send a security password on mobile.
• Security key is registered with your account, not with the computer.
• You can use same security key with multiple Google Accounts.
• You can also use multiple security keys with single Google account. You just have to register them on your account.

If you lose your security key:

• You can log in via 2-step-verification.
• Go to Security key registration list of your account settings page.
• Remember to immediately remove the registered key from your account.

More:

• If you loose your security key, no one can use it. It do not store any account related information. Someone who find it, can not recognize, for which account to try it.
• You can use the same key for multiple websites other than Google.
• Still then do not reveal your password to anyone.

So, are you happy with the old 2 factor authentication via mobile or you need high lever security? Are you going to buy the key? Or you just don't care who adds what!! Please leave a reply.