“The security code is a one-time code that can be used to login on platforms where security keys aren’t supported directly”
While Google’s security key is among the best possible ways to protect your online accounts against phishing, it has its own shortcoming. The new login method doesn’t support legacy platforms that don’t support FIDO protocols including Internet Explorer, Safari, and remote desktops. Google is addressing this issue with a new update that logs you into your G Suite account using security code. A security code is a one-time use code, generated using a security key, that can be used to log in legacy platforms where security keys aren’t supported directly.
Users will “Get one-time security code” as a two-way verifications option after they sign-in to an unsupported browser with their username and password. They will be required to “Sign in on another device with their security key to get a code” at https://g.co/sc in Chrome. Now, plug-in your security key and enter the security key to the first browser.
“A user may need to access a web application that federates their Google identity, but only works on Internet Explorer 11. While the browser can’t communicate with a security key directly, the user can open a Chrome browser and generate a security code, which can then be entered in Internet Explorer to gain access to the application,” the company wrote in its blog.
The security code will be available to users by default for some users including those who are subject to “Any” or “Any except verification codes via text, phone call” 2-Step Verification policies or to those who are not subject to a specific 2-Step Verification policy but have chosen to use a security key. The process is considered safer than getting codes via text messages or phone calls.