Reddit mentions of Yubico - YubiKey NEO - USB-A, NFC, Two-Factor Authentication

SMS makes for a very poor second factor, and unfortunately, it is frequently accepted as a way to recover accounts -- even if you don't choose to make it your primary second factor.

I believe, Google is the only company that gets this right. You can set up your GMail account to only allow hardware tokens as secure second factors. This is a lot more secure, and it is a good idea for something as important as your primary e-mail account. But it can at times be somewhat cumbersome.

But in either case, use a second factor. And this is the order of how secure they are:

0. enable Google's "Advanced Protection". Extremely secure. Mostly easy to use. But some services don't quite work right with it yet.

1. get a FIDO U2F token. Super-crazy secure, and very easy to use. By default, you can always fallback on alternative authentication methods (e.g. Google Authenticator or SMS), if you don't have your U2F token at hand. I linked you to the NFC-enabled version of the token, as that allows for using it with Android phones. There also are Bluetooth-enabled tokens for iPhones. Or USB-only tokens, which are much cheaper, but don't work with cell phones.
   
2. Google Authenticator software app on your phone. Pretty secure, and reasonably easy to use.
   
3. SMS codes. Better than nothing, but actively exploited for attacks. Somewhat annoying to use.
   
4. Password-only. Too insecure for most applications.

Look into second factor authentication. Here is one version of a hardware key that is needed to login, they can have your password but without this key they cant get in https://www.amazon.com/Yubico-YubiKey-NEO-USB-Authentication/dp/B00LX8KZZ8

You can also use google authenticator, requiring a code each time there is a new login attempt.

Your cell phone has a unique key, IMSI, which authenticates your device and is paired with your number. Someone can definitely spoof their number as yours, but wouldn't be able to receive your data stream.

Google gives you the option to use a physical device like the YubiKey as an alternative to using a mobile device.

It should work, but it might be better to get a NFC version. Then you don't have to carry around an adapter.

Note: You can have more than one kind of 2-step verification.
Image

Yubikey (This only pops up on Desktop/Laptop) < --- The security key mentioned in the image.

Just my 2 cents.

First off, many of these things are intentionally cheap, because I do tend to break and/or lose things, so... Here goes.
All have Amazon links, because that was what was easiest.


Jewelry:

• Elder Scrolls Imperial symbol arrowhead necklace - I made this from scrap a while ago for a basic metal-arts class.
  
  
• Kris knife necklace - Got this at a Renaissance Fest last year, and I also like wearing it.
  
  
• UP by Jawbone (http://www.amazon.com/gp/product/B00A17IAO0) - Really great sleep tracker, plug-and-sync
  
• Fitbit Flex (http://www.amazon.com/gp/product/B00BGO0Q9O) - The de-facto fitness tracker, wireless sync
  
  
• Pebble watch (http://www.amazon.com/gp/product/B00BKEQBI0) - Simple smartwatch
  
  
  Right front pocket:
  
  
• Frame-lock box cutter (http://www.amazon.com/gp/product/B0016KHW2W) - Was using a frame-lock knife, to open boxes. Replaced it with this, been happy since.
  
  
• Precise V5 RT (http://www.amazon.com/gp/product/B001E6A9M8) - My favorite ball-point pen. Looking forward to the arrival of a Lamy Al-Star fountain pen.
  
  
• Zebra M301 0.5mm (http://www.amazon.com/gp/product/B003BLC7FG) - Great intro engineering pencils.
  
  
• Galaxy S5
  
  
• Chapstick
  
  
• Pentel plastic eraser (http://www.amazon.com/gp/product/B001Q4HQVU) - For the larger-than-one-character mistakes.
  
  
  Left front pocket:
  
  
• 4-in-1 screwdriver (similar to http://www.amazon.com/gp/product/B0014KMDZ0) - Thin profile screwdriver. Awesome. Clips away in a corner and you can forget about it until you need it.
  
  
• Streamlight MicroStream (http://www.amazon.com/gp/product/B00143JZ08) - Tiny little flashlight, amazing little clip. Clip it in a corner and forget it until you need it.
  
  
• Mighty Wallet (http://www.amazon.com/gp/product/B0036FN60W) - I keep it relatively thin in contents, and it's amazingly thin by itself.
  
  
• Sennheiser CX300IIs (http://www.amazon.com/gp/product/B001EZYMF4) - Some of the best little cheap earbuds. I have over-the-ears for desk-work, but these can go with me easily.
  
  
• Yubikey Neo (http://www.amazon.com/gp/product/B00LX8KZZ8) - For my 2FA needs, both on the phone and PC. I use it with LastPass.
  
  
• Spare AAA Battery
  
  
• 12" baton (http://www.amazon.com/gp/product/B00MHDLF8E) - For self defense, since I stopped carrying a knife, and it's more actually useful for defense than my old knife was anyway.
  
  
  Wallet highlights:
  
  
• Band-aids - I chew my cuticles and pick at scabs. Bad habit. Nice to have these around.
  
  
• Bottle opener - Got this as swag from a startup I used to work for.
  
• Sewing kit - For emergency mending
  
  
• Guitar picks (I like http://www.amazon.com/gp/product/B0002D0CGC)
  
  
• Safety pins
  
  
• Handcuff key
  
  
• Handcuff shim - Nice when handcuffs aren't double-locked; sometimes easier to manipulate than the keys.
  
  
  Left back pocket:
  
  
• Field Notes graph-ruled notebook (http://www.amazon.com/gp/product/B006CQT2KU) - reasonably durable, cheap notebooks.
  
  
  Not shown:
  
  
• Keysmart Extended key holder (http://www.amazon.com/gp/product/B00JXQQNC6) - Nice to keep my work keys from jangling around
  
  
• Car keys

I've been using LastPass at home and work. I also like it since I just started playing around with and liking a NFC U2F card, which the LastPass android client is compatible with.

There are any number of possible "factors", but generally speaking people mean "something you know" and "something you have" when talking about 2FA, and that's where I'll stay for the purposes of this discussion.

"Something you know" covers passwords, answers to security questions, and anything else that's a piece of knowledge you could tell me and I could use to authenticate as you at an arbitrary time in the future.

Most commonly, a "something you have" is a device (smartphone!) that implements HOTP or TOTP. Since the algorithms produce different numbers every 30 seconds, someone who intercepts the number once has no way of predicting what the correct number will be after the 30-second period has finished. This is really important, because it means to successfully compromise your account, an attacker not only has to steal or guess your static password (which they can do remotely), but steal a physical device that you probably keep on your person, and either alert you to it being stolen or copy the inputs the device uses for the OTP algorithm (which isn't trivial).

Personally, I use a Yubikey and either U2F or their HOTP/TOTP app. It's pretty cheap compared to most HSMs, and is significantly less likely to be compromised than my computer or phone. For most people, an OTP app is sufficient, but since I often find myself with full-access Amazon credentials for companies and things like that, I have a bit of a more paranoid risk model than most.

Is this it? Because $50 isn't that cheap, and the last thing I need is one more thing to remember to carry around with me.

I was just explaining it to u/floofugus. After reading these stories, I am removing my mobile phone from most sites that need 2FA and getting a Yubikey. I hope Gemini gets back to you in time. They seem like a well run exchange, so I suspect you'll be fine.