Use a security key for 2-Step Verification

Security keys can be used with 2-Step Verification to help you keep hackers out of your Google Account.
Important: If you’re a journalist, activist, or someone else at risk of targeted online attacks, learn about the Advanced Protection Program.

Step 1: Get your keys

Security keys for passkeys

If you want to sign in with just your security key and skip your password when possible, you must create a passkey. To create a passkey, your security key must support the FIDO2 protocol.

If you want to create a passkey on a FIDO2 hardware security key added to your Google Account prior to May 2023, you may first need to remove this security key from your account. After it’s removed, you will be able to create a passkey on this security key.

Tip: Any FIDO1 or FIDO2 security key can be used as a second step for 2-Step Verification.

Step 2: Add a key to your account

Make sure you’re using the latest version of your browser or OS. New registered keys no longer work on Android devices 8.0 and lower.

  1. Open a compatible browser, like Chrome.
  2. Enroll your security key. You might need to sign in.
Tip: To help you sign in if your key is lost, add more ways to prove it's you

Step 3: Sign in with your key

Important: If you create a passkey on your security key, you’ll bypass the second authentication step, since this verifies that you have possession of your device. If you’d like to always use your password, you can change this default preference in your account settings.

Security keys are a more secure second step. If you have other second steps set up, use your security key to sign in whenever possible. If a security key doesn't work on your device or browser, you might see an option to sign in with a code or prompt instead.

If you receive the error, “You need to register this Security Key to your Google Account before you can use it to sign in”:

  1. Attempt to sign in with a different account.
  2. Update your Google Play service.
  3. To add the account in question, try to sign in again.
Tip: You’ll be asked for your security key or another second step any time you sign in from a new computer or device.
With Near Field Communication (NFC)
  1. On your Android phone or tablet, open a Google app or a compatible browser like Chrome.
  2. Sign in to your Google Account if you haven’t already.
  3. Your device will detect that your account has a security key. Follow the steps to sign in using your key.

Fix problems with NFC

Make sure to:

  • Turn on NFC on your device
  • Add the key to your account
  • Remove anything that might be blocking the NFC signal, like a case or sticker
  • Update your device to the latest version of Google Play Services
  • Try restarting your device
  • Try turning NFC off and on again

Google Play Services error

  1. On your Android device, sign in with an account that doesn't use a security key.
  2. Google Play Services should start updating automatically.
    • Make sure your device is connected to the internet.
  3. Sign back in to your Android device with the account that uses a security key.
  4. Follow the steps to sign in using your key with Near Field Communication (NFC).
With USB
  1. Open a compatible browser like Chrome.
  2. Sign in to your Google Account. Your device will detect that your account has a security key.
  3. Connect your key to the USB port in your device.
    • You may need a USB adapter.
  4. If you see a message from "Google Play services," tap OK. If not, move on to step 5.
  5. Turn on your key:
    • If your key has a gold disc, tap it.
    • If your key has a gold tip, tap and then press it.
    • If your key has a button, press it.
    • If your key has none of these features, you may need to remove and reinsert it. This type of key turns off after each use.

Organize your security keys

You can manage your security keys under your 2-Step Verification settings. There, you’ll find a list of the keys you’ve added, from the most recent to the oldest. You’ll also find more info such as the key's name, the date it was added, and the date it was last used. The key’s name defaults to “Security Key” unless you choose a custom name.

You also have the option to edit each security key’s name or to delete it.

Rename your security keys

Next to each security key, click on the pencil icon Edit to edit its name. This means that if you have multiple security keys, you can better identify them with a custom name.

Remove your security keys

Next to a security key, click on the trash bin icon Delete to remove it so that it’s no longer connected to your Google Account. When you remove your security key, you’ll be asked for confirmation. You may also need to sign in to your Google Account again.

Unable to use security key

If you can’t use your security key, you can generate a security code for 2-Step Verification:

  1. On a device signed into your account, go to g.co/sc.
  2. Follow the on-screen instructions.
Reset your locked security key

Some security keys need extra verification, like a PIN.

If your security key is locked due to multiple incorrect PIN entries and must be reset:

  1. On your computer, open Chrome Chrome.
  2. At the top right, click More More.
  3. Click Settings and then Privacy and security and then Security and then Manage security keys and then Reset your security key.
  4. Follow the instructions on screen.

Tip: You can use Chrome to reset your locked security key. Go to chrome://settings/securityKeys.

Lost security key

If your security key is lost, to regain access to your account and protect it, follow the steps for the type of 2-Step Verification you have:

If you have another second step

  1. Sign in to your Google Account with your passkey or your password and other second step.
  2. Follow the steps to remove the lost key from your account.
  3. Get a new security key
    • You may want to get an extra key that you can keep in a safe place.
  4. Add the new key to your account.

If you don’t have another second step or forgot your password

Important: 2-Step Verification requires an extra step to prove you own an account. Because of this added security, it can take up to 3-5 business days for Google to make sure it’s you trying to sign in.

  1. Follow the steps to recover your account. You'll be asked some questions to confirm it's your account.
  2. You may be asked:
    • To enter an email address or phone number where you can be reached.
    • To enter a code sent to your email address or phone number. This code helps make sure you can access that email address or phone number.

Related resources

Search
Clear search
Close search
Google apps
Main menu