With countless security breaches taking place where data such as usernames and passwords falls into the hands of cybercriminals, Internet users are being increasingly encouraged to enable two-step verification with Web services that offer it.
This extra layer of security forces you to enter a dynamically generated code sent to a mobile device, together with the usual password. This beats hackers as they’d need not only your password, but your mobile device too, in order to break into your account.
While this might sound like enough to protect your Web accounts, Google on Tuesday announced it’s adding “even stronger protection” for its own online services, a move that it says is aimed at providing peace of mind for “particularly security-sensitive individuals.”
The method, called Security Key, uses the Universal 2nd Factor (U2F) protocol from the FIDO (Fast Identity Online) Alliance. It involves first pairing a small device, the key, with your Google account. After that, each time you log in with your password, you simply insert the key into your computer’s USB port, wait for a prompt (eg. a flashing light on the device), give it a tap, and you’re in.
A notable advantage of the key is that it offers improved protection against phishing scams as it only works with genuine Google sites rather than imitation sites designed to trick you into handing over sensitive data, such as your password.
“When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished,” Google’s Nishit Shah wrote in a blog post announcing the company’s new security measure.
However, be aware that if you’re logging in using a tablet that has no USB port, you’ll have to fall back on one of your other two-step verification options. Also, as Shah alludes to above, accessing your Google account using the key can currently only be done via the company’s Chrome browser.
“It’s our hope that other browsers will add FIDO U2F support,” Shah said in his post. “As more sites and browsers come onboard, security-sensitive users can carry a single Security Key that works everywhere FIDO U2F is supported.”
A number of firms make the special USB key, which costs upwards of around $10. One supplier, Yubico, offers a brief run through of how it works in the video below.
- Android phones can now be used as a physical security key to your Google account
- You can now use an Android phone to log in to Google on an iOS device
- Google recalls Titan Security Key due to hijack risk
- Big phish: Report shows PayPal, Bank of America, Apple are top phishing targets
- The best wireless security cameras for 2019