Following are instructions so you can protect your Gmail account with YubiKeys that do not currently support U2F. It relies on a free application called the Yubico Authenticator (that works on Windows, Mac, or Linux operating systems) to generate time-based authentication codes.
- Shared OATH-TOTP secret from Gmail account settings
- YubiKey version 2.2 or later
- Microsoft Windows or Mac operating system (OS X or macOS)
- Yubico Authenticator for Desktop application (our free application, available from Downloads)
TIP: You can also use Google Authenticator if desired.
How to enable YubiKey + Gmail for Windows or Mac
- If you have not already done so, install Yubico Authenticator.
- In Gmail, enable two-step verification.
- Follow the prompts, including setting up a backup method of authentication, until the QR code is displayed.
- Open Yubico Authenticator.
- Insert a YubiKey (YubiKey Standard, YubiKey Edge) into the USB port of your computer.
- Select File > Add.
- Click Scan a QR Code.
- If desired, change the name of the credential and click OK.
- Enter the six digit code in the Gmail screen.
That’s it! The next time you log in to your Gmail account, you are prompted to enter your six digit code.
Logging in to Your Gmail Account
- Enter your user name and password as usual.
- Launch Yubico Authenticator for Desktop, and insert your YubiKey. The code is shown next to the service’s credential.
- Enter the code and click Sign In. If prompted, touch your YubiKey.
TIP: In Yubico Authenticator for Desktop, you can double-click the code, and then paste it into the field for the authenticator code.