Google have announced yesterday that they are expanding their security verification methods with one more – a USB stick security key acting as a 2-step verification method for users to log into web-sites when using the Google Chrome browser. The method is called FIDO (Fast Identity Online) Universal Two-Factor Authentication (U2F) and is generally allowing users to log into different accounts using both credentials (username and password) and a physical security key.
The method is designed for any device which has an USB port, making the security verification safer, faster and nicer for users. Entering a profile through an USB key is easy – during logging in users must type in their passwords and then put in the stick into the USB port of the device. It acts as a security key and is being added physically into the computer port instead of entering a 6-digit security code received on mobile phones.
Users who do not want to use FIDO method can still use the older 2-step verification one as well. Being applicable for devices with USB ports makes FIDO unsuitable for mobile phones and most Apple devices though. The security methods for these will remain the same – password protection or 6-digit security code.
The new FIDO method will provide users with better protection against phishing sites. Although the two-factor authentication (2FA) one is quite secure, advanced hackers may still trick you by building sites looking like the ones you want to log into, so you to provide them with your 6-digit security verification code. Using cryptography instead of security codes FIDO is much better for protection as it works only with sites it’s supposed to work with, Google explanation of the method states. With this new method you will not need any mobile connection at all.
The method works with Google Chrome 38 version and desktop operation systems like Windows, Linux, Mac or Chrome at the moment. For registration via USB stick Google uses the 2-factor authentication protocol of the FIDO Alliance (FIDO U2F). It won’t be suitable for mobile phones in which cases the users are advised to stick to the older 6-digits security codes receiving Google currently offers.
Carrying the USB stick with you all the time might seem risky if you lose it. Google state that anyone who finds it will not be able to use it though as it will be applicable only for the device you have registered it onto. If you still happen to lose it or decide not to use it anymore you can always go back to the older 2FA method. More information on the new one and its usage it can be found in the Google ‘Common questions about Security Key‘ page.
The new FIDO U2F USB security keys are already available for sale by some companies like Duo Security, Entersekt, Infineon and can be found in online marketplaces like Amazon and eBay. Google advice for customers is to look for the logo.