The Hacker News Logo
Subscribe to Newsletter

Google Launches USB-Based "Security Key" To Strengthen 2-Step Verification

Google Launches USB-Based "Security Key" To Strengthen 2-Step Verification
Google is taking its users’ privacy very serious and making every possible effort for its users just to make them feel secure when they are online.

Today, the tech giant has announced its enhanced two-step verification service that is based on a physical USB key, adding yet another layer of security to protect its users from hackers and other forms of online theft.

SECURITY KEY- 2 STEP VERIFICATION USING USB DRIVES
The "Security Key" feature will currently work on Chrome and will be free for Google users, but the company also notes that the Security Key is supporting the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, which will allow users to log in to Google Accounts by inserting a USB device into their systems.

By letting users protect their accounts using two-factor authentication based on physical USB keys, it will be no longer any compulsion for you to type in the six-digit authentication code in Google's Gmail or your Google Account. The Security Key ensures access via both your physical presence and your login password.
"Today we’re adding even stronger protection for particularly security-sensitive individuals," Nishit Shah, security product manager at Google, said in a blog post. "Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google."
YOUR PASSWORDS ARE SECURED
Furthermore, the Security Key platform will also look for foil phishing attacks by not providing a cryptographic signature to the site, preventing spoof sites from collecting username and password combinations of users for man-in-the-middle attacks.
"Rather than typing a code, just insert Security Key into your computer’s USB port and tap it when prompted in Chrome. When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished."
NOBODY CAN ACCESS MY GMAIL ACCOUNT
Security key is meant for users who seek for higher level of security on their accounts and by implementing it, users will enjoy hack-free Google accounts, because cyber thieves will be restricted from accessing the account even if they have the correct credentials, or your stolen mobile phone — since they don’t have the Security key.
However, simply inserting a USB key before logging in, a password is still required. So that cyber thieves would not be able to log into your account just by stealing your Security key. But, if your account password is compromised somehow, it would be useless for hackers without the corresponding Security key.

SECURITY KEY ALSO WORKS FOR OTHER SITES WITH U2F SUPPORT
Since the protocol is supported by Chrome, other websites besides Google can also opt Security key feature to provide stronger authentication options to their users. "As more sites and browsers come on-board, security-sensitive users can carry a single Security Key that works everywhere FIDO U2F is supported," Shah said.

Google is offering the Security key feature on all Google Account sites for free, but in order to use the service, users need to buy a USB device from an outside vendor such as Amazon or other retailers. Right now, the Google Security Key system works only in Chrome, but if other browsers and additional sites implement the U2F protocol, the same Security Key will work with them, too.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.