Two-step authentication has been the standard for securing access to online accounts for most tech companies. Google rolled it out users in 2011 and has been steadily making improvements to the system to make it easier for us all to use it. Now, the rumored physical keys that are supposed to replace Google's two-factor verification for highly vulnerable targets are apparently here. The New York Times tested the tech company's Advanced Protection Program, which requires two physical keys to log in to a Google account. The site found that while the new program is effective, it does not yet support third-party apps that access Google information.