With all the recent issues with hacked accounts and/or leaked user account information on services like Apple’s iCloud or Dropbox to name a few, companies like Google have been adamant at pushing their users to activate 2-factor authentication or 2-step verification for all their accounts to protect themselves further from unwanted intrusion and today the company has announced that Google users will now be able to login to their accounts using physical devices like a USB security key as an alternative to the companies usual 2-step verification processes.
“Today we’re adding even stronger protection for particularly security-sensitive individuals. Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google,” said Nishit Shah, a Product Manager at Google Security. “Rather than typing a code, just insert Security Key into your computer’s USB port and tap it when prompted in Chrome. When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.”
This means that if a hacker is able to steal your account password they still won’t be able to access your account without your USB security key and if someone somehow steals your security they’ll still need your password. This new service is free to use with Google Accounts but with a few caveats – only Chrome is supported and you’ll need a USB security key that’s compatible with the FIDO U2F protocol that Google is using. Luckily, FIDO U2F security keys are already available from a few manufacturers with prices ranging from $6 to $50.
The FIDO U2F (Universal 2nd Factor) protocol from the FIDO Alliance is an open source standard for authentication that’s currently only supported by Google, Chrome, and a few other sites including Microsoft, Paypal, and Alibaba, among others. Google is hoping more browsers and sites support the standard in the near future.