Shame I have to pick EITHER 2-step or Security Key.
My ideal would be to use Security Key to bypass 2-step on devices that supported it and then use 2-step elsewhere.
For example, some public computers have the USB port literally glued shut, therefore Security Key won't work. In those cases I'll still have my phone with me and could bypass it via 2-step.
Essentially I want to use the Security Key as a way to save me typing in my 2-step code because I'm lazy, rather than to "add" security.
Google's current 2-step "remember-device" doesn't really work for me as it utilises cookies which get cleared. I could add it to a white-list of preserved cookies but they use obscure often changing sub-domains.
> Shame I have to pick EITHER 2-step or Security Key.
You don't. You must use 2-step to use Security Key.
> My ideal would be to use Security Key to bypass 2-step on devices that supported it and then use 2-step elsewhere.
That's exactly what happens when you use Security Key. FTFA:
If you use 2-Step Verification, you can choose Security Key as your primary method [...] In general, you’ll still be able to use a verification code the way you normally do on any device that doesn’t support Security Key.
Not sure about it, but this page [1] does say "In general, you’ll still be able to use a verification code the way you normally do on any device that doesn't support Security Key." Assuming you'd be able to tell it that it doesn't support it, rather than it just deciding based on hardware?
My ideal would be to use Security Key to bypass 2-step on devices that supported it and then use 2-step elsewhere.
For example, some public computers have the USB port literally glued shut, therefore Security Key won't work. In those cases I'll still have my phone with me and could bypass it via 2-step.
Essentially I want to use the Security Key as a way to save me typing in my 2-step code because I'm lazy, rather than to "add" security.
Google's current 2-step "remember-device" doesn't really work for me as it utilises cookies which get cleared. I could add it to a white-list of preserved cookies but they use obscure often changing sub-domains.