How To Secure Everything With A Hardware Token

Image: Yubico

Two-factor authentication is a quick, easy way to add extra security to your accounts (or password managers). For even more security and peace of mind, consider buying a hardware token like the YubiKey or Google Titan.

They’re incredibly easy to set up, and as long as you keep the USB accessory on or near you (on your keyring, for example), you’ll be able to authenticate into supported accounts and services as quickly as typing in a password. And since nobody else will have your hardware authenticator, your accounts will be protected from attackers.

Setting up a hardware token is simple

I have both a Google Titan and a YubiKey hardware token, and setting them up is as complicated as adding two-factor authentication to an account — which is to say, not complicated at all. All you have to do is visit your two-step authentication page on Google and select the option to add a new security key.

Screenshot: David Murphy

You then insert the key into a USB port on your computer, tap its button, and that’s it. Your key is now registered to your account, and will become your primary authentication method going forward.

When you go to log into your account on a new computer, you’ll see this prompt. And when you do, you’ll need to plug in your key, hit the button and that’s it.

What about other services?

You can use a Google Key with other sites and services, such as Facebook or Twitter. It doesn’t work with LastPass as of this writing, annoyingly enough, but using another hardware token like the YubiKey is just as easy.

For example, setting it up requires you to pull up LastPass’ settings; click on the YubiKey option under Multifactor Options; enable the token; and officially add it by clicking on the “YubiKey #1” field, inserting your token, and hitting the button.

This might sound like a lot, but it’s hardly more difficult than Google’s process. It took me the same amount of time to add a YubiKey to LastPass as it took to add a Google Titan key to my Google account—and if I wasn’t testing both, I’d probably just stick with the YubiKey, since it makes more sense to have one key you can use for all your services.

No matter which key you use — and both the Google Titan and the YubiKey are a pretty small investment — it never hurts to have as much security for your critical accounts as possible.

You might not ever need this much firepower, especially if you’re already using 2FA, but this is definitely one of those “if you get hacked, you’ll wish you had it” kind of preventative steps that’s easy to implement.


Comments

    If you lose your hardware key, what is the process to gain access? I presume there is an alternate method, which is laborious but secure. Do you have an estimate of how long it takes to get a new hardware key?

    I note in the first image the key has a small hole, perfect for a keyring. Leaving your keys in a machine is less than ideal. So do applications authenticate for a session or do they have to be left in? Not retrieving your authentication key is an obvious problem with someone able to walk off with it.

    Also interested to know what happens if you lose the key. Perhaps biometric is better - you always have your body with you!

      Biometric is really bad because you can't lose it. I.e. you can't change it if it has been compromised. My fingerprints are everywhere.

      Last edited 02/11/18 4:16 pm
