Two-factor Authentication with U2F (Google)
In this short tutorial, we will show you how to enable Two-Factor Authentication on a Google account and register a Trezor device as a U2F authentication token.
What is U2F and why should I bother?
U2F, or Universal 2nd Factor, is a form of two-factor authentication you can add to your online accounts. This additional layer of protection should ensure that you, the holder of registered U2F token, are the only person able to access the account - even if somebody has compromised your password.
Read more about U2F in our glossary article "U2F" and in the blog article "Secure Two-Factor Authentication with TREZOR — U2F"
1. Visit Google.com and sign in to your account
Visit Google and find the Sign in button in the top-right corner of the screen. Sign in to your account.
Right next to where you signed in is a square grid made of nine smaller squares. By clicking on this icon you will be able to access other Google services and extended account features. Click on the Account icon listed in the first line on the left.
2. Access the "Security" settings and enable "2-Step Verification"
Now that you've accessed your Google Account page, find the menu selection on the left and click on Security.
Notice the option to enable 2-Step Verification in the bottom right part of the page.
When this feature is enabled, your Google account requires a second verification in addition to your standard password. There are several different methods of 2nd-factor authentication such as TOTP (Time-based One-Time Password), SMS messages, Security Token (U2F), and other. This time, we will focus on registering your Trezor as a Security Token.
Click on 2-Step Verification and then GET STARTED to continue.
3. Select "Security Key" out of other options used to sign in
At this point, Google asks you to sign in to your account again. This is a security precaution implemented to ensure you are the one changing your settings (as opposed to somebody who sneaked access to your computer when you were not looking).
When you sign in, Google asks you to select the preferred method of 2-Step Verification. First, you are offered Google's native solutions. This goes without explanation - Google wants you to use their apps.
However, since you have a better option, click on Choose another option and select Security Key
4. Connect your Trezor device and register it as a U2F security key for this service
5. Name your security token
Here you select the name Google sees when you use your device. This name is not the same as the name you chose when you first initialized your device.
Next time you sign in to your Google account, you will be asked to confirm the login on your device.