Mountain View’s two-step authentication is about to get even better in Chrome, as the company announced the launch of physical USB Security Keys.
Until now, logging into your Google account while having the 2-step authentication active required you to enter either a code received on your phone via text message, or one generated by the Google Authenticator smartphone app (which in case you didn’t know, also works with Dropbox). Unlike Dropbox and other companies who have had security issues in the recent past, Google didn’t wait for its accounts to be compromised before beefing up its security measures, fact that should really be appreciated by its users.
In Google’s opinion, there are two reasons why the safety of the two-step authentication needed to be improved. First of all, there’s the risk of phishing. Hackers are able nowadays to replicate not only the login page to your Google account, but also the two-step authentication one. This way, if you’re not paying attention to what’s written in the address bar of your browser, you could become a victim and have your Google account compromised.
Secondly, there are situations when your smartphone doesn’t have a data connection, or when its battery runs out prior to using the Authenticator app. The USB Security Key, on the other hand, is always in your pocket, and can be attached to your keychain, so that you don’t misplace it.
The Google 2-Step Authentication Security Key isn’t pretentious in terms of the platform you’re using, as long as you have Chrome 38 or newer. In other words, it will work just fine on any device running ChromeOS, Windows, Mac OS, or Linux. Since both Chrome and the Security Key include the Universal 2nd Factor (U2F) open-standard developed by the FIDO Alliance, so any USB key compliant with this standard can be used.
Just to make sure that there are no misunderstandings, the Security Key isn’t here to entirely replace the codes that were used until now for the two-step authentication. As a matter of fact, you can continue using those, especially if you only use your Google account on mobile devices (even though USB OTG could be deployed in that case), or if you don’t use Chrome as your browser.
Be social! Follow Walyou on Facebook and Twitter, and read more related stories about the 7 million Dropbox accounts that might have been compromised, and the Tuit security ring that uses NFC to unlock your phone.