Skip to main content

Security upgrade! Google will now let you log in with a special USB key

With countless security breaches taking place where data such as usernames and passwords falls into the hands of cybercriminals, Internet users are being increasingly encouraged to enable two-step verification with Web services that offer it.

This extra layer of security forces you to enter a dynamically generated code sent to a mobile device, together with the usual password. This beats hackers as they’d need not only your password, but your mobile device too, in order to break into your account.

Recommended Videos

While this might sound like enough to protect your Web accounts, Google on Tuesday announced it’s adding “even stronger protection” for its own online services, a move that it says is aimed at providing peace of mind for “particularly security-sensitive individuals.”

The method, called Security Key, uses the Universal 2nd Factor (U2F) protocol from the FIDO (Fast Identity Online) Alliance. It involves first pairing a small device, the key, with your Google account. After that, each time you log in with your password, you simply insert the key into your computer’s USB port, wait for a prompt (eg. a flashing light on the device), give it a tap, and you’re in.

A notable advantage of the key is that it offers improved protection against phishing scams as it only works with genuine Google sites rather than imitation sites designed to trick you into handing over sensitive data, such as your password.

“When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished,” Google’s Nishit Shah wrote in a blog post announcing the company’s new security measure.

However, be aware that if you’re logging in using a tablet that has no USB port, you’ll have to fall back on one of your other two-step verification options. Also, as Shah alludes to above, accessing your Google account using the key can currently only be done via the company’s Chrome browser.

“It’s our hope that other browsers will add FIDO U2F support,” Shah said in his post. “As more sites and browsers come onboard, security-sensitive users can carry a single Security Key that works everywhere FIDO U2F is supported.”

A number of firms make the special USB key, which costs upwards of around $10. One supplier, Yubico, offers a brief run through of how it works in the video below.

[Image: Yubico]

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Chrome is making a key change to protect you from phishing
Google Chrome with pinned tabs on a MacBook on a table.

Phishing campaigns -- where a fraudulent website or email is made to look like it comes from a legitimate source -- have caused a huge amount of destruction, leading to untold numbers of virus infections and money lost through scams. Google has just rolled out a powerful way to fight phishing in its Chrome browser, however, and it could help you avoid falling victim.

As part of Chrome’s 15th-anniversary update, Google will be pushing its Enhanced Safe Browsing feature to all users in the coming weeks. This checks website URLs against a list of malicious sites stored on Google’s cloud servers, all in real time. If a match is found, the website is blocked and a warning is displayed to users.

Read more
Chrome has a security problem — here’s how Google is fixing it
Google Chrome icon in mac dock.

Google is looking to get ahead of high-severity vulnerabilities on its Chrome browser by shortening the time between security updates.

The brand hopes that more frequent updates will give bad actors less time to access and exploit n-day and zero-day flaws found within Chrome browser code.

Read more
Google just made this vital Gmail security tool completely free
The top corner of Gmail on a laptop screen.

Hackers are constantly trying to break into large websites to steal user databases, and it’s not entirely unlikely that your own login details have been leaked at some point in the past. In cases like that, upgrading your password is vital, but how can you do that if you don’t even know your data has been hacked?

Well, Google thinks it has the answer because it has just announced that it will roll out dark web monitoring reports to every Gmail user in the U.S. This handy feature was previously limited to paid Google One subscribers, but the company revealed at its Google I/O event that it will now be available to everyone, free of charge.

Read more