Common questions about Security Key
Yes. Your Security Key is registered to your Google Account, not a particular computer. You can use your Security Key on any computer with Google Chrome.
Yes. You can register the same Security Key with multiple Google Accounts.
Yes. You can register multiple Security Keys to a single Google Account.
The USB version of Security Key cannot be connected to a phone conveniently.
If you need to sign in on a phone or tablet, you’ll be given the option of using a verification code. Simply click the link at the bottom of the screen that says “use verification code instead.”
Currently, Security Key is only supported on computers running the Google Chrome browser.
If you need to sign in on a different browser, you’ll be given the option of using a verification code.
You’ll want to double check the following things:
- Make sure you’ve updated to the latest version of Chrome
- Make sure you are using a compatible Security Key with the FIDO U2F logo.
- Using Linux? You'll need to allow your Linux account to access the Security Key first. See the next question for more details.
If you are using Linux, you need to allow your Linux account to access your Security Key by adding a udev rule for the device. Please refer to your Security Key vendor's help page for details.
If you’re asked for Security Key and don’t have it available, you’ll always have the option to use a verification code. Simply click the link at the bottom of the screen that says “use verification code instead.”
If you lose your Security Key, you can still sign in to your Google Account using a verification code. Once you have access to your account, you should remove the lost Security Key and then you can add a new one to your account.
To be extra careful, we recommend you print a set of backup codes when enabling 2-Step Verification. This way if you also lose your Security Key and can’t access verification codes, you’ll still be able to get in to your account.
If you lose your Security Key or simply no longer want to use it, you can remove it by going to the "Sign-in & security section" of My Account and clicking the trash can icon next to the appropriate Security Key.
With 2-Step Verification, Google requires something you know (your password) and something you have (like your phone) to sign in. Google sends a verification code to your phone when you try to sign in to confirm it's you. However, sophisticated attackers could sometimes set up lookalike sites that ask you to provide your verification codes to them, instead of Google. Security Key offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it's supposed to work with.
Your Security Key has no record of your accounts. Somebody who finds the Security Key cannot query it for the accounts it contains, because it doesn't store this information. All the Security Key can do is to answer a challenge from an account that it has been previously registered to. A lost Security Key is useful to the finder if only he/she also knows the username and the password for the Google Accounts where the Security Key has been registered. It is similar to losing a house key on the street -- it is useful to the finder only if he/she can somehow guess which house the key belongs to.
Since a Security Key can work with multiple websites, the FIDO U2F protocol was designed from the ground-up to ensure user privacy. A Security Key device cannot be queried for a unique identifier that could be used to track a user across multiple sites. Instead, a Security Key registers a unique credential with each website that it’s used with. These credentials are designed such that the websites cannot "compare notes" and identify the same user across websites by their Security Key.
Your Google username and password are protected from remote attacks like phishing when you use Security Key with Chrome. However, to be extra safe, we also recommend taking other precautions like using a modern and regularly updated browser, and not using a computer that could be infected by malware.
We recommend reading our suggestions on the Safety Center to learn what other steps you can take to stay safe online.