Google Security Key Allows USB Based 2-Step Verfication

Google Security KeyPreviously I wrote an article discussing two factor authentication as a means for increasing the security of online accounts. Most of these systems work upon a setup that requires access to either an email account or a smartphone that will receive a message to allow you to then get through the standard login procedure. The problem is that we don’t always have access to our email or phone to receive this secondary step which then results in the inability to access the account. Google has setup a new method that users can do in order to access their Google accounts and services when they don’t have access to their phones.

Google is a new method that allows users to setup a special USB storage device to acts as a key when they login to Google services. In essence, when you normally would be prompted to access the secondary authentication factor, you would instead access the Security Key to finish the validation. There are restrictions to the use of the method though.

  1. The USB key used to create the Security Key must be one that supports the FIDO Universal 2nd Factor (U2F) standards. Most of the USB flash keys you have probably do not have this as it is relatively new but looks like it will be widely supported.
  2. This method can only be used on non-mobile devices like a laptop or desktop systems. If you have a mobile device (smartphone or tablet) that is attempting to connect, it should be able to use the other two step verification methods.
  3. The Security Key validation system will only work with the Chrome browser (version 38 or higher). This means if your PC is using a different browser, you are out of luck.
  4. Security Key does not work on the ChromeOS (Chromebooks, Chomebox, etc) in the guest mode.

The best part of this system is that the Security Key does not record any of your account information. Anyone that has the key will not be able to login to your accounts by just plugging it into a computer. Users can also login to Google through the other verification methods and disable the key and create a new one.


Leave a Reply

Your email address will not be published. Required fields are marked *