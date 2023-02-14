



If you have an internet connection, you probably have a Google account so you can post videos on YouTube, check your email with Gmail, and access the many features available on your Android device. Google is so central to online life that it's important to protect your Google account from hijacking. The best way to do this is to use multi-factor authentication (MFA) with security keys. (Especially if you use Gmail. If bad guys have access to your email, they can also hijack your accounts on other sites using those sites' account recovery tools.)

But what is a security key, and how can you use it to protect your Google account? We’re here to show you.

What is multi-factor authentication?

MFA is sometimes called two-factor authentication (2FA), but not because it adds a second step to the login process. Instead, the name stems from a deeper theory about identity, in which all forms of authentication fall into three broad categories.

Something you know, such as a password.

Something you are, such as a fingerprint or other biometric factor.

Something you have, such as a security key.

Combining several of these factors can effectively keep bad guys out. Even if an attacker knows your password (something you know), they can't break into your account because they don't have your security key or your fingerprint.

This is more than just theory. Account takeovers virtually disappeared when Google required employees to use hardware security keys. The system works.

The most important thing to take from this article is that you should use MFA wherever it is offered. Some forms of MFA are more secure than others, but the most important thing is to choose the one that works for you and use it.

The two most common methods of MFA are authentication apps for smartphones and one-time codes sent via SMS. We think an authenticator app is a good starting point for those new to MFA. These apps generate a one-time-use code that you enter along with your username and password. They are easy to use and free, but you need to have a smart device handy for them to work. We strongly advise you to avoid receiving MFA codes via SMS, as the codes can be intercepted. But if this is the only option available, it's better than not using any form of MFA.

Note that Google offers other forms of MFA, especially for Android users. You can configure Google to send push notifications to trusted smart devices that act as MFA factors, or use your Android device as a security key. However, these only work when logged into Google.

MFA works well, but only if you use unique and complex passwords for each site or service. The best way to do this is with a password manager. Also, copious amounts of MFA won't protect you if a malicious person has already installed malware on your machine. Therefore, readers are also advised to use local antivirus software.

What are security keys?

A security key is a small device, usually about the size and shape of a USB flash drive, that you use to authenticate yourself to a site or service. To do this, you will usually be asked to first enter your username and password as usual, then plug in and tap the security key. Security keys can be connected to mobile devices, but most keys use NFC to communicate wirelessly with smartphones and tablets.

Using security keys has several advantages. First of all, you don't need a phone to use your security key. Most security keys have no moving parts or batteries and do not require a network connection to function. Being a dedicated offline device, a key is also difficult for malicious actors to attack. Plus, security keys are a little more fun to use, bringing some secret-agent excitement to the mundane task of logging into corporate email.

Security keys come in various form factors. Left to right: Nitrokey FIDO2, Google Titan Security Key, Yubico Bio C. (Credit: Max Eddy)

Of course, using security keys has its drawbacks. One typically costs between $20 and $80. Also, not all sites and services support security keys. Even if you're ready to use security keys for everything, you'll still need an authenticator app wherever keys aren't accepted.

Readers have contacted us out of concern that bad guys would steal their security keys. It's possible, but unlikely, and a thief would still need your password to take over an account. Losing a key is much more likely than having it stolen. But don't let that deter you. There are many ways to avoid being locked out of your accounts because of MFA. The easiest way is to enable multiple MFA options (like a second backup key or an authenticator app) or generate backup codes as a last resort.

Which security key should I use with Google?

Unlike Apple, Google actually sells its own branded security key, the Titan Security Key. We tested them and found them to be great devices, but they're not the only option for securing your Google account. Other keys can be used as well.

Google sells its own security keys under the Titan brand. (Credit: Max Eddy)

Google recommends FIDO-compliant security keys, meaning keys that work with the leading standards that enable security keys to work in the first place. So almost any key works. When purchasing a key, look for one that works with FIDO2 or WebAuthn, the two most recent versions of the standard.

The main considerations when choosing a key are cost and practicality. As mentioned above, advanced security keys can cost over $80, so choose a key that fits your budget.

In terms of practicality, you want a key that actually fits your devices. Most security keys have unshielded USB-A or USB-C connectors, so you should choose a key that works with all your primary devices. Fortunately, security keys can also be used with simple port adapters. Again, most security keys also offer NFC to communicate with your phone or tablet, so that's something to consider as well.

Security key makers offer a variety of advanced features in addition to basic features. The YubiKey 5 series, which includes our Editors' Choice YubiKey 5C NFC, is extremely powerful, with features like encrypted key storage. Yubico's Bio series and the Kensington VeriMark Guard USB-C Fingerprint Key add biometric authentication, requiring a fingerprint to authenticate. Most people don't need these features. If going through the list of features leaves you dizzy, consider a budget device.

Some security keys, like this Kensington security key, also read biometric data. (Credit: Max Eddy)

For most people getting started with security keys, the affordable Yubico Security Key series is probably the best option. Note that Yubico seems ready to release a new version of this key, which appears to be an upgrade of the previous blue version of the Security Key NFC. The Nitrokey FIDO2 is a similarly priced security key that uses open source hardware and software, but is slightly bulkier.

Note that Google's Advanced Protection Program requires two security keys instead of one. This is similar to the requirement for using security keys with your Apple ID. The program adds an extra layer of protection to your Google account and is aimed at high-value targets like activists, journalists and politicians, but anyone can sign up. There is a similar option called Data Protection.

How to set up a security key for your Google Account

Before you begin, you need a few things. First, you need at least one security key. Next, you'll need the existing password for your Google account. Finally, you may need to authenticate yourself to activate your MFA security key. So, if you've already enabled MFA on your Google Account, make sure you have access to your email inbox, trusted devices, and existing MFA options.

On Google.com, click your user image in the upper right corner and select Manage your Google Account. If you have multiple Google accounts, make sure you're signed in to the correct account. Note that you must add a security key to every account.

Next, on the left side of the screen, click Security. In the section called Ways we can verify it's you, make sure some recovery options are enabled. Next, find the section called Signing in to Google and click 2-Step Verification.

The security option is the fourth option on the bottom left of the screen. (Credit: Google)

A quick note: The account we used was already configured to use MFA, but if you've never enabled MFA before, you may be asked to use a method other than security keys. After registering the key, you can change the MFA options at any time. We recommend having a backup MFA option. We recommend Google Prompt, which lets you authenticate via push notifications sent to your phone, or authenticator apps and backup codes.

Google supports multiple MFA options. (Credit: Google)

After finishing your preparations, click Security Key, then Add Security Key. On the next screen, you can choose to enroll a physical security key or enroll your Android device as a security key. Click the appropriate one. If you purchased a separate hardware key, select Physical and click Next.

All existing security keys are displayed in this list. (Credit: Google)

The next screen will ask you to follow your browser's instructions. These look different depending on your preferred browser. Next, you will be prompted to insert your security key. If it is already connected, wait a beat or two. Read the instructions carefully, as you may be asked to tap the key at some point.

This is what the registration process looks like in Firefox on Mac. The display differs depending on the browser. (Credit: Google)

The next screen will ask you to name the key. Use something descriptive here. Maybe it's the model of the key (Nitrokey), some physical property (Blue key), or its location (taped to my leg). Anything that helps you remember which key to use!

That's all! You have registered your first security key with your Google account. If you've already purchased a second key to use as a backup, you can add it too. Also, while you're changing the settings, don't forget to enable a second, backup form of MFA, and register the key with your other Google accounts as well.

Note that these instructions used a Mac running Firefox. You can access your MFA settings from Android, but all changes and registration of new keys are done from your mobile browser. The only difference is that you have the option to tap or plug in the key on your mobile device. Some laptops or desktops may support NFC, but we have not tested those configurations.

Other ways to protect your account

Using any kind of multi-factor authentication is better than none at all, but security keys are probably the best way to protect your online accounts, especially your Google account. Rest easy knowing your account keys are safely stored with your home keys.

Now that you've secured your Google Account with a security key, consider doing the same with your Apple ID. You should also consider ways to improve not only your security, but also your online privacy.

