Following are instructions so you can protect your Gmail account with YubiKeys that do not currently support U2F. It relies on a free application called the Yubico Authenticator (that works on Windows, Mac, or Linux operating systems) to generate time-based authentication codes.
- Shared OATH-TOTP secret from Gmail account settings
- YubiKey version 2.2 or later
- Microsoft Windows or Mac operating system (OS X or macOS)
- Yubico Authenticator for Desktop application (our free application, available from Downloads) TIP: You can also use Google Authenticator if desired.
How to enable YubiKey + Gmail for Windows or Mac
- If you have not already done so, install Yubico Authenticator.
- In Gmail, enable two-step verification.
- Follow the prompts, including setting up a backup method of authentication, until the QR code is displayed.
- Open Yubico Authenticator.
- Insert a YubiKey (YubiKey Standard, YubiKey Edge) into the USB port of your computer.
- Select File > Add.
- Click Scan a QR Code.
- If desired, change the name of the credential and click OK.
- Enter the six digit code in the Gmail screen.
Logging in to Your Gmail Account
- Enter your user name and password as usual.
- Launch Yubico Authenticator for Desktop, and insert your YubiKey. The code is shown next to the service's credential.
- Enter the code and click Sign In. If prompted, touch your YubiKey. TIP: In Yubico Authenticator for Desktop, you can double-click the code, and then paste it into the field for the authenticator code.