Google Starts Supporting Physical Security Keys for Accoount Logins
Google Starts Supporting Physical Security Keys for Accoount Logins
Earlier today, Google launched support for USB Security Key for Google Logins — an open standard that replaces the part where a verification code is sent to your phone with a physical device you can insert into your computer to verify your identity.
This step comes after your enter your password so it’s still 2 factor authentication in essence. It has been activated on all Google accounts free of charge.
Such security measures are already in place in secure locations but this marks the first time consumers will be able to use them in commercial services. Security Key is built on the U2F protocol from the FIDO Alliance and plenty of manufacturers have plans to offer compatible keys to customers. Right now, these keys can cost anywhere from 600 PKR to 5000 PKR.
While Security Key is undoubtedly a good step, in its current form we can’t help but think it’s limited. It does not work in browsers other than Chrome versions 38 or newer. Furthermore, any users who are mobile would have a hard time using this authentication measure on their smartphones and tablets.
However, there is a lot we can expect from Security Key. Since it’s based on FIDO which is an open standard, it isn’t necessarily limited to USB as the verification mechanism. We’ve seen NFC tokens being used for triggering certain profiles, sharing information and even used for cashless transactions. It’s possible for them and Bluetooth tokens to be used instead of USBs for verification.
Getting creative as people surely will, we could see biometric and fingerprint scanners used for the same purpose. Another interesting thing is that Security Key isn’t limited to two step verification; it can be extended to multiple steps which could be of use to security conscious organizations and paranoid individuals.
One thing is for sure. We are moving away from single passwords and that can only be a good thing. Universal multi step authentication is going to make life for hackers and scammers a lot harder. We are already there with mobile being the second step but more choices can only be a good thing.