Sign up to our newsletter
Google has added an optional extra layer of security to its accounts, by introducing USB authentication to Chrome, the company has announced in an official blog post.
Not only will the USB authentication option counter the issues that sometimes arise with two two-factor authentication (phone without charge, or unable to receive text messages), but the post promises that Security Key “only works after verifying the login site is truly a Google website, not a fake site pretending to be Google.”
The system is simple, and comes in partnership with the FIDO Alliance – a project that aims to make logins easier with open standards. Once you have a supported USB stick (Slashgear reports you will need an “official U2F Security Key to make it all work to Google’s satisfaction”), you just have to plug in the stick, and tap it when prompted to do so by Google Chrome. The official blog entry makes the bold claim that “when you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.”
However, it’s not without its issues. The most obvious is that, for the moment, it’s only compatible with the Chrome browser, though Google mentions in its blog posts that “it’s our hope that other browsers will add FIDO U2F support too.”
PC World highlights a potentially bigger concern: “it’s a non-starter for phones and tablets, which typically don’t have full-sized USB ports.” In the long run though, FIDO intends to support other formats including contactless solutions like Bluetooth and NFC, so the issue may cease to be a problem with time. The significant backing of a company with the internet-wide presence of Google is certainly a strong indicator that the technology could become more widespread in making passwords and internet logins more secure.
Author Alan Martin, ESET