Why You Need a Yubikey for Your Google Account
If you haven’t added a second layer of security to your Google account, you’re more vulnerable than you realize. You might think you’re secure if you’re using SMS to protect your accounts, but even that has its own security issues compared to alternative verification options. You could use an authentication app, which is more secure, but those rely on you entering a multi-digit passcode every time you log in to a new device or app. Instead of copying and pasting numbers every so often just to send some Hangouts messages, look into using a Yubikey. It’s a tiny USB device that acts as a two-factor authentication tool for a variety of services and operating systems. For now, let’s just start with locking down your Google account.
HOW YUBIKEY WORKS:
Yubikeys are hardware-based security keys that look like tiny USB drives (sorry, you can’t store anything on them). They’re basically one-touch authentication tools you stick into your computer (or, with a compatible model, tap on your NFC-equipped smartphone) to verify your identity. Windows, macOS, and Linux all support the hardware-based authentication tool, and sites like Facebook, Google, Dropbox, and GitHub are among the more than 50 supported services.
A Yubikey shouldn’t be the only form of two-factor authentication you use; you should also use a two-factor authentication app whenever you can. You can associate multiple Yubikeys with a single account as well, so if you’ve got one on your keychain and another inserted in your personal or office computer, registering both gives you that much more security should you lose one. Even if someone steals a key, they’ll be unable to access your accounts without your username and password, and you can remotely deactivate the key from your already secured accounts using either your second Yubikey or another authorization method.
SECURE YOUR GOOGLE ACCOUNT FIRST:
To set up your security key, you need to dip into your Google account’s security settings. You might have two-factor authentication enabled (using an app instead of SMS, I hope), or a smartphone as your one-touch Google login prompt, but you’ll have to disable the latter to enable your hardware security key. Also, make sure your key isn’t connected to your computer before you set it up.
To get started, head to your Google account’s sign in and security page, where you’ll have the option to configure your login options. Select “Signing in to Google,” then hit Two-Factor Authentication. Scroll down until you see the security key option, and hit “Add Security Key.”
Follow the prompts from Google telling you to plug in, tap, and name your Yubikey to associate it with your account. After that one-time setup, you’ll see your Yubikey among your list of two-factor authentication options.
To try it out, log out of your Google account. When you log back in, after entering your email address and password, you’ll be prompted to tap the touch-sensitive Yubikey to transmit your authentication code—no app required.
GET RID OF YOUR SMS AUTHENTICATION:
Now that you’ve got an authentication app and a Yubikey, two secure methods of authenticating your account, you should ditch the weakest link: your SMS verification option. On Google’s 2-Step Verification page, hit the edit button next to your phone number, and select “Remove Phone.” Now your Google account is both free from the vulnerable SMS authentication and further protected thanks to the physical hardware you can take wherever you go (or turn into an incredibly functional fashion accessory).