You Can Now Protect Your Google Accounts With a Physical Key - Eric Limer - GIZMODO

I've never had a problem with how Google's two-factor authentication works. There are two options, receive a text message with the two-factor code or install an app that syncs with the Google account. Both methods are fairly easy to use and add a significant amount of security to Google accounts. Now, though, it appears there is a third option, which includes hardware. The hardware will have to be purchased and then enabled for a Google account, but it makes it much easier to interact with a Google account via Chrome or Chrome OS.

I'm a little concerned at the fact that it's a hardware option, because it could be lost or stolen. I imagine that you can disassociate the device from the account if it's lost, but if it's used sparingly there could be a large period of time between the lost device and discovery. And if someone steals the device and happens to have the password to my account it seems like it would be much easier for them to get into my account with hardware that supposed to make it more convenient for me to login. Sure my phone can be lost or stolen, but I'll know about it pretty quickly and it does have a lock on it. And yes, my phone passcode could be cracked, but it is adding another barrier to someone getting into my account vs. a piece of hardware that's triggered by the push of a button. That's not to say that I think this option is bad; it's just that I don't find the current process all that annoying. Regardless, I think a third option is a good thing, because more options for security is a very good thing.

This post first appeared on Exploring Information Security.