Google augments authentication with USB key


By Dylan Bushell-Embling
Thursday, 23 October, 2014


Google augments authentication with USB key

Google has amped up its two-factor authentication capabilities, introducing a method based on a physical USB key.

The company has introduced Security Key, a verification method that promises to be more secure than the default code-based system.

“With 2-Step Verification ... sophisticated attackers could sometimes set up lookalike sites that ask you to provide your verification codes to them, instead of Google,” the company said in an FAQ about the new product.

Security Key is instead designed to analyse unique cryptographic signatures in order to only work when a login page is a Google site, and not a spoof.

The key works without a mobile data connection or batteries. It currently only supports Google’s own web browser Chrome.

Security Key uses the FIDO Alliance’s Universal 2nd Factor (U2F) protocol, so other website operators can add compatibility with the key by using the protocol.

The USB keys must be purchased from participating U2F vendors. If they are lost, users can fall back on alternative methods such as code-based verification.

The keys do not store identifying information, so criminals would not be able to trace them back to their owners’ systems. But they are able to answer a challenge from an account they have previously been registered to.

Image courtesy of Jeff Keyzer under CC

Related Articles

Nation-state actors have their sights on the cloud

Prioritising the protection of credentials and adopting robust security measures can better...

Combating financial crime with AI

Rapid digital transformation across Australia and New Zealand has provided cybercriminals with...

Learning from the LockBit takedown

An international taskforce has seized the darknet sites run by LockBit, but relying on law...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd