Stay on Top of Enterprise Technology Trends
Get updates impacting your industry from our GigaOm Research Community
Google has long offered optional two-step verification for account access, with the first step being your actual logging in and the second a verification code sent to a trusted phone. Now you can use a special USB key for the second step as Google has announced support for the Security Key.
The Security Key is based on an open standard protocol called Universal 2nd Factor (U2F) created by the FIDO (Fast IDentity Online) Alliance, a security-focused group whose members include ARM, BlackBerry, Discover, Google, Lenovo, Microsoft, MasterCard, PayPall, Qualcomm, Samsung and Visa, to name a few. The group aims to improve online authentication practices by working together in the creation of more secure standards.
The Security Key, which only works with Google Chrome for now, will first verify that the site you’re trying to access is actually a [company]Google[/company] site, not some third-party spoof. Then you simply type in your Google account password, tap the small button on the Security Key when prompted and — assuming you do have the proper account credentials entered — you’re into your Google account.
Google hopes that other browsers implement the Security Key, which would provide security and choice; for now, this is a Chrome-only solution. To get a Security Key, you’ll need to buy one from a third-party. Google says to look for the FIDO Alliance logo when purchasing one. The ones I found on Amazon range between $18 and $50.