You’ll need a hard reset, and an Android phone.
I’m a big fan of U2F security keys in general, and the Google Advanced Protection Program in particular. The former is a more secure method of two-factor authentication than SMS or even time-based tokens, both of which are subject to real-time interception. For those of us whose lives are a little more public than the average user, though, there’s the Advanced Protection Program. It locks down your consumer-level Google account even further, (mostly) requiring hardware keys to gain access to your account, and blocking most other apps from having access to your most sensitive Google data. (For more on both of those things, see my writeup here.)
In addition to only using Gmail in a browser, the other major difference for me was that I couldn’t log back in to my NVIDIA Shield TV. (Because you need a hardware key to log in, and despite NVIDIA Shield TV having both Bluetooth and a USB-A port, someone — understandably, I suppose — apparently forgot about this use case.) I could still use my Android TV, it just no longer had access to my Google account. That meant, among other things, I couldn’t update apps, or download new ones. In addition to just being annoying, that’s a security issue unto itself.
There is, however, a fix. Here’s how to use your Android TV — with your Google account — if your Google account is under watchful eye of the the Advanced Protection Program.
- You’ll need to hard-reset your Android TV. Go into the settings, menu, the find the reset action, and reset this sucker. (Note: This is a step that’s actually missing from Google’s instructions. You can’t just "remove your account" like it says to do. You have to reset the device, at least on NVIDIA Shield TV.)
- When things are back up and running, you’ll be asked if you want to "Set up your TV with an Android phone or tablet." Choose yes.
- With your Android phone or tablet on hand, follow the instructions.
Here’s what’s going on: If you’ve ever used Google’s slick little method to copy your Google accounts from an old phone to a new phone, it’s exactly what you’re doing here. It’s a little hacky in that technically it bypasses one of the more important parts of the Google Advanced Protection Program by not actually requiring the hardware keys (and that’s true for this method with phones as well as with Android TV, I suppose), but this is also a fairly niche case. And if someone already has your phone and can unlock it, you’re already pretty screwed anyway.
So it’s hack that I’ll take.
December 20, 2018 at 06:26AM