Google reveals two-step verification Security Key technology

22 Oct 2014

Internet search giant Google has introduced a new two-step verification Security Key that will only allow security-conscious users to log into their favourite Google sites if they plug the USB device into their computer.

In these increasingly threatening times you can never be too careful about password protection and in recognition of this Google has brought out a new technology it calls Security Key.

The technology provides a physical second factor that only works after verifying the login site is a real Google site and not a fake site pretending to be Google.

“Rather than typing a code, just insert Security Key into your computer’s USB port and tap it when prompted in Chrome,” explained Nishit Shah, product manager at Google Security.

“When you sign into your Google account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.”

U2F protocol

The new Security Key and Google’s Chrome browser incorporate the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance.

Security Key works with Google Accounts at no charge, but users would need to buy a compatible USB device directly from a U2F participating vendor.

“It’s our hope that other browsers will add FIDO U2F support, too,” Shah said.

“As more sites and browsers come on board, security-sensitive users can carry a single Security Key that works everywhere FIDO U2F is supported.”

USB Security Key image via Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com