Web Application Security

It seems Google makes a new mistake by launching its new security key (2-step verification)  one of the steps is USB device .  The question  :how come can i plug USB into my mobile (I-Phone , I-Pad , Samsung Galaxy , ....) !  Do Google know the difficulties while you are holding a USB on your hand all the time .  so You can't access  your  account if it's not in your hands. or it's damaged ?  This solution is hopeless , I think it's designed for small audience. As someone says : Can you convince the Bank Manager while you are putting the USB Device into the bank PC, that you are securing your PC , not stealing the bank data, or not transferring amounts of money to other account . or what else .  You know , This way is not quietly good , If I have many accounts on Google and other websites ,I need many  USB devices to verify myself.  That's of course , not good at all.

Fake Data (Honey Data) By using honey data , it could help to identify attacks that are not triggered by error messages.  Honey data is data (e.g. Passwords, Credit card numbers,…) in tables which is never used by the application (Fake Ones). If someone from anywhere is accessing this kind of data , alert will be raised. Creation a table or tables containing unused data with juicy names (e.g. PASSWORD, CREDITCARD, SALARY).   Such interesting data is often the target of attackers.    During the attack, attackers are often accessing the view ALL_TAB_COLUMNS (Oracle) or INFORMATION_SCHEMA.COLUMNS (MySQL) to get the column names of interesting data.