Google is reportedly close to rolling out a hardware replacement for current 2-factor authentication setups. Right now, adding the need for a constantly changing code is one of the best ways to protect your account beyond just a password, which can be guessed, stolen from another service you reused it on or obtained via phishing.
News reports describe an “Advanced Protection Program” that replaces two-factor codes with a pair of physical keys, presumably similar to items such as Yubikey. According to the report, users will need both keys, which includes one that plugs in via USB.
It doesn’t sound like two-factor systems with codes or push notifications are going away for everyone, however, since this is intended for “corporate executives, politicians and others with heightened security concerns.” As many organizations shift to G Suite for their services, it could be an important add-on for someone who needs security but might not be able to deal with other forms of security.
Last year’s DNC hack that took over via the Gmail account of campaign chairman John Podesta. That attack provided a clear example of how important added protections are. However, many people don’t take advantage because they can seem complicated to setup. Just a few months many users were bombarded with a Google Drive-hosted phishing attack, and that won’t be the last one.