Today, Google announced a new G Suite feature that allows admins to lock down accounts so they can only be accessed by users with a physical USB security key. The FIDO U2F Security Keys have been supported on G Suite and regular Google accounts since 2011, but now new security controls allow admins to make the keys mandatory for anyone who tries to log in.
Universal 2nd Factor (U2F), initially developed by Google and Yubico, is a standard from the FIDO Alliance that allows a physical device to work as a second factor of authentication. After entering your username and password, you'll have to connect your physical authentication key to your device. The keys can support USB, NFC, and/or Bluetooth, allowing them to connect to desktops, laptops, and smartphones. Many services support U2F, like Dropbox, GitHub, Salesforce, Dashlane, and others. The Chrome and Opera browsers support U2F, along with Android and Windows smartphones. Modern iOS devices don't work with the standard, but Google appears to have some kind of workaround.
It's a good idea to enable 2FA on any service that supports it. Usually after your username and password you'll get texted or e-mailed a six-digit code to type in, but the security keys are easier and more secure than punching in a rolling code. While anyone in the world could theoretically guess your password and get your code, once you get your key set up, someone would have to physically have the key to access your account.
Google says mandatory key enforcement should hit G Suite admin panels today.