Today, Google announced a new feature designed to enhance two-factor authentication for its services, known as Security Key – “a physical USB second factor that only works after verifying the login site is truly a Google website.”
The feature replaces the need for typing in a verification code to be granted access, allowing users to simply plug in the device into their computer’s USB port and tapping it when prompted by Google Chrome.
Google announced the feature adds even stronger protection against phishing attacks for particularly security-sensitive individuals.
“Sophisticated attackers could set up lookalike sites that ask you to provide your verification codes to them, instead of Google,” said Nishit Shah, Google Security Product Manager, in a blog post.
“Security Key offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.”
Additionally, unlike a mobile device, Security Key does not require a data connection or battery life.
The feature is currently compatible with Google’s browser and incorporates the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, making it possible for other websites with account login systems to adopt the service, as well.
“It’s our hope that other browsers will add FIDO U2F support, too,” said Shah. “As more sites and browsers come onboard, security-sensitive users can carry a single Security Key that works everywhere FIDO U2F is supported.”
Security Key works with Google accounts free of charge but users will need to purchase a compatible USB device directly from a U2F participating vendor.
Read More Here…