What Yubico calls two-factor authentication, Google calls two-step verification. But by any name, it’s available now for Google’s Gmail and Apps suite. If you have a FIDO U2F Security Key or another YubiKey that supports U2F you should look here for how that key is used to protect your Gmail account. If you have a YubiKey Standard or YubiKey Nano without U2F support, we have a free application, Yubico Authenticator for Desktop, that supports use of the OATH-TOTP protocol for two-step verification with Google services.
The first question is: How does the YubiKey, which has no battery and no internal clock to track time, support the OATH-TOTP protocol, which relies on using the current time? The YubiKey creates an OATH-TOTP code aided by the Yubico Authenticator for Desktop application, which sends the current time (supplied by the local OS) to the YubiKey and receives back the OATH-TOTP 6 or 8 digit code for the desired login.
- Shared OATH-TOTP secret from Gmail account settings
- YubiKey version 2.2 or later
- Microsoft Windows or Mac OS X
- Yubico Authenticator for Desktop application (our free application, available from Support > Downloads)
How to enable YubiKey + Gmail for Windows or Mac OSX
- If you have not already done so, install Yubico Authenticator.
- In Gmail, enable two-step verification.
- Follow the prompts, including setting up a backup method of authentication, until the QR code is displayed.
- Open Yubico Authenticator.
- Insert a YubiKey (YubiKey Standard, YubiKey Edge) into the USB port of your computer.
- Select File > Add.
- Click Scan a QR Code.
- If desired, change the name of the credential and click OK.
- Enter the six digit code in the Gmail screen.
That’s it! The next time you log in to your Gmail account, you will be prompted to enter your six digit code using Yubico Authenticator.