Google boosts secure logins with USB Security Key
Google has unveiled a new two-factor authentication tool, letting you plug a USB key into your computer to verify your identity rather than have a code sent to your phone.
Google already offers two-step verification for its accounts, though it’s not enabled by default. Once you’ve flipped it on, it will send a code to your registered phone number to be entered if you try to sign in from an unfamiliar device.
Now, it’s extending that system, “adding even stronger protection for particularly security-sensitive individuals”. The Security Key is a USB stick that’s inserted when using Chrome or a Google account on a new machine.
“Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google,” explained product manager Nishit Shah in a post on the Google blog.
“Rather than typing a code, just insert Security Key into your computer’s USB port and tap it when prompted in Chrome,” Shah added. “When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.”
The system uses the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, which means the Google Security Key could be extended to work on other sites logins. “It’s our hope that other browsers will add FIDO U2F support, too,” said Shah. “As more sites and browsers come on board, security-sensitive users can carry a single Security Key that works everywhere FIDO U2F is supported.”
There’s no direct charge for using the Security Key system with Google’s sites, but you’ll have to buy a supported U2F USB stick – which can be bought for £5 on Amazon.