Using Your T2F2 Security Key with Google

Follow the instructions below to protect your Google Account with Token2 T2F2 Security keys. If you do not have a T2F2 key, or you cannot use a USB port, you can still use a hardware token to protect your Gmail account. See our instructions here to learn how to use Token2 programmable TOTP tokens to protect your account.

The guide below mentions T2F2 key as an example, U2F only keys (T2U2F) can also be enrolled the same way

Requirements for using T2F2 Security key with a Google Account

  • A browser that supports U2F (recent versions of Google Chrome, Opera, Firefox).
  • A Google Account (such as Gmail, Google Docs, YouTube, Blogger, Adwords)

Note: If your Google account is a managed account -- such as with G Suite, Google Cloud, or Google for Education -- your administrator must have enabled two-step verification before you can use your T2F2 Security key. If the option to select 2-Step Verification is not available (as described in the steps below), ask your administrator to enable this security option.

Setting Up Your Google Account

  1. Turn on 2-step verification. If you already have set up 2-Step Verification, continue with the next step.
  2. Add a Security Key for 2-step verification. (We recommend that you add two Security Keys. They can be used interchangeably, or one can be your primary device, and one can be a backup device.
  3. Be sure to save backup codes (you will use these if you are ever logging in without your T2F2 Security key). To do this, scroll down after you have added your Security Keys and, under Backup codes, click Show Codes. Click Download or Print, and save the codes in a safe location.
    • You can also set up Google Authenticator to generate verification codes if you don't have your T2F2. The Authenticator app can receive codes even if you are not connected to the internet. Also, as already mentioned above, Token2 programmable TOTP tokens can act as a drop-in replacement of the Google Authenticator app

Your T2F2 Security Key is now registered to your account as your default Two-Step Verification device on supported browsers! The screen now displays all devices that are registered to your account, so you can easily add another Security Key, or remove registered keys. (If you accidentally lose a T2F2 key, come here and remove that key from your account. No one could log on to your account, though, because they would still need to know your username and password.)

Logging in to Your Google Account

Logging in to your Google account with your T2F2 key is very easy.

  1. The next time you need to login to your Google account, insert your T2F2 key.
  2. Enter your user name and password, and click Sign in.
  3. When the LED indicator above the Token2 Shield icon on the T2F2 key begins to blink, touch it with your finger.
    • If you want to trust this computer for a short period of time, so you do not have to insert your T2F2 key each time you log in, check the box to Remember this computer for 30 days.
    • If you do not have your T2F2 key with you, click Use a verification code instead.
        Gmail: Sign In with 2-Step Verification

It is recommended to have more than one security key enrolled. This is why we decided to introduce the FIDO bundle, which comes with a pair of T2F2 keys: one (primary, with a red sticker) to keep with you and one (secondary, with a green sticker) to keep in your desk drawer.