Google trusts them, we trust them, and here’s why you too can rely on security keys like the YubiKey and Titan Key.
The Google Advanced Protection Program was introduced back in October 2017, and it’s still one of the strongest security solutions you can find.
The program requires not one but TWO physical security keys so that you have a backup if the main one gets lost. The physical key takes two-factor authentication (2FA) to the next level by requiring a unique physical object that remote hackers have no chance of replicating. Google touts the program as an especially strong defense against phishing.
Researchers at the company studied the effectiveness of various two-factor authentications and multi-factor authentications before launching the program. A better solution, they realized was the universal second factor, or U2F, a security protocol that uses a physical key. Standard 2FA uses a security question or a one-time texted password as the second security element, but for its Advanced Protection Program, Google will only allow physical security keys as the second factor.
Security keys are affordable, easy to use, and almost indestructible. They are no larger than a USB stick and they serve one function — to provide its unique login credential to your account. Security keys can be used for more than Google also. Online services such as Facebook and Dropbox, password managers like LastPass and Dashlane, and operating systems like Windows and macOS can be accessed with U2F keys.
And once the keys are tied to your accounts, there is no logging in without one of them. You’ll need it in addition to the account password, as will anyone else who wants to crack into your account. Should one key get lost...well, that’s why you have a backup. But should BOTH keys get lost, there is no workaround or easy recovery. There are steps you can take to regain the account, but it takes days. This is good security, as it makes it impossible for anyone to impersonate you to crack into your accounts. And in these days of rampant data breaches and phishing, good security can be the difference between happiness and ruin.