Protect Your Accounts and Passwords With a Hardware Token
Two-factor authentication is a quick and easy way to increase the security of your accounts (or password managers). For even more security and peace of mind, consider buying a hardware token like YubiKey or Google Titan. They’re incredibly easy to set up, and as long as you keep your USB accessory close to you — on your keychain, for example — you’ll be able to authenticate to supported accounts and services as quickly as typing a password. And since no one else has your hardware authenticator, your accounts will be protected from other attackers.
Setting up a hardware token is easy
I have a Google Titan and Yubikey hardware token, and setting them up is as difficult as adding two-factor authentication to my account, which is not difficult at all. All you have to do is visit Google’s 2-Step Verification page and choose the option to add a new security key.
Then you plug the dongle into your computer’s USB port, press its button, and that’s it. Your key is now registered with your account and will become your primary authentication method in the future.
When you log into your account on a new computer, you will see this prompt. And when you do, you will need to insert a key, press a button … and that’s it.
What about other services?
You can use the Google key with other sites and services such as Facebook or Twitter. This doesn’t work with LastPass at the time of this writing – annoyingly – but using a different hardware token like the YubiKey is just as easy. For example, to configure it, you need to open the LastPass settings; select the YubiKey option in the Multi-Factor Settings section; enable token; and officially adding it by clicking the “YubiKey # 1” box, inserting your token and clicking the button.
It might sound like a lot, but it’s hardly more complicated than the Google process. It took me as long to add the YubiKey to LastPass as it did to add the Google Titan key to my Google account. That said, the LastPass implementation doesn’t use the more secure FIDO U2F protocol – which you run into when you use the Google Titan to log into your Gmail – but it’s the best you’ll get when using a dongle with the service ( for now ).
No matter which key you use – and using Google Titan and YubiKey is a pretty small investment – it never hurts to keep your critical accounts as secure as possible. You may never need that much firepower, especially if you are already using 2FA, but this is definitely one of those “if you get hacked, you want it to be” preventative steps that are easy to implement.