Skip to main content

Security keys can now create one-time Google security codes for sign-in

Avatar for Abner Li  | Jun 25 2019 - 8:31 am PT
0 Comments
Titan Security Keys abroad

The best way to protect online accounts is with a security key that ensures you’re the one signing in. However, enterprise users still have legacy systems like Internet Explorer or remote desktops that don’t support the new log-in method. Google now has security codes created using security keys for those scenarios.

One-time security codes can be used to log into legacy platforms where security keys aren’t supported directly. After signing into an unsupported browser with your username and password, “Get a one-time security code” is presented as an available two-factor authentication option.

This prompts you to “Sign in on another device with your security key to get a code” at https://g.co/sc in Chrome. After plugging in your key, a code will be generated to enter into the first browser. This is safer than getting codes from SMS text messages or phone calls.

For example, a user may need to access a web application that federates their Google identity, but only works on Internet Explorer 11. While the browser can’t communicate with a security key directly, the user can open a Chrome browser and generate a security code, which can then be entered in Internet Explorer to gain access to the application.

This notably allows security key-backed log-ins on iOS apps, Safari, Internet Explorer, remote desktops, and other legacy applications that don’t support FIDO protocols.

Before enabling this new policy, carefully evaluate if your organization needs security codes. Using security keys without security codes helps to provide maximum protection against phishing.

Google is enabling security codes for some G Suite accounts by default:

  • Users subject to “Any” or “Any except verification codes via text, phone call” 2-Step Verification policies
  • Users which are not subject to a specific 2-Step Verification policy, but that have chosen to use a security key.

This will help increase security key adoption at businesses that previously couldn’t use the 2FA/2SV method everywhere, and is rolling out over the coming weeks.

Add 9to5Google to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:

Check out 9to5Google on YouTube for more news:

Comments

Guides

Google Account

Google Account
Two-factor authentication

Two-factor authentication
Security Keys

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com