Google has announced that physical USB security key support is coming to all version of G Suite over the next few weeks. Support of security keys, to this point, has been limited to Enterprise level customers. That is changing as all variants of the service will be gaining support.
Security Keys are a physical USB key that you plug into a device that gives you access to it. It is perhaps the ultimate in 2-Factor authentication. Yubico is perhaps the most well known of these types of keys and they are readily available at low cost.
With this change, all G Suite admins will be able to either set security keys as an option for 2-factor authentication or outright, the most secure way, to require it. Users will then have to physically insert their key to a device in order to authenticate. Think of it as an app like Google Authenticator, just in physical form.
There are plenty of safeguards and ways for admins to let users have access should they lose their physical key.
Admins should expect to see the option to enable security key support on their domain over the course of the next two weeks. Google is in the process of rolling it out but have said it could take that long before everyone sees it. It will not be enabled by default admins will need to go through documentation on setting it up for their organization. Those key documents include:
- Restrict users’ two-step verification method to security keys only.
- Add and revoke security keys for users.
- View reports on security key usage.