Technology has made a big influence on our daily lives in the past couple of decades. Today’s generation is handicapped without technology. Electronic devices, multimedia, computers and the internet in particular, have become necessities of life. Google has become synonymous with internet. Life without Google has become unimaginable. Google stores all its users’ information, their emails and other possible critical information on its cloud servers and we trust that it this information is secure and safe with Google. There have been a number of instances where hackers have attempted to exploit vulnerabilities to gain unauthorized access to this information. As the hackers and phishers are becoming smarter, the need for a robust security system in place is now more than ever.
Google has recently unveiled its latest security feature called the ‘Security Key’. The Security Key is a small USB stick that verifies and authenticates a Google website before you enter your account credentials.
Currently there are verification codes that are sent to your registered mobile number as part of the two-step verification process. This requires you to have a working mobile phone and an active mobile connection to be able to receive the verification code. Once received, the user has to key in the correct code. In case there is an error while punching in the verification code, the authentication fails and a new code is resent to the registered mobile number. This makes sure that even if phishers get ahold of your passwords, they cannot have access to the verification code on your phone. However, sophisticated hackers create lookalike sites that trick users into providing the verification code to them instead of Google.
The Security Key completely eliminates the need of codes in a two-step verification process and makes the Security Key the primary method.
The Security Key allows users to access their Google accounts, sign into Chrome and use their Chromebook by plugging this key to the USB port. This provides better protection against attacker as the key uses cryptography instead of verification codes and it automatically works only with websites that it is supposed to work with – which are truly Google sites.
Once the key matches with the website and provides access, the user then enters his credentials and a combination of the username-password and the Security Key creates a secure connection.
The Security Key is currently being sold by Yubico and does not require any other driver or software to be installed. In addition to working with Google accounts, the Yubico key also supports the Universal 2nd Factor authentication on other websites. U2F is an authentication standard that was created by the Fast IDentity Online (FIDO) Alliance. Google’s Security Key is the first deployment of the FIDO. Google is currently offering the Security Key for free, but considering the need of the USB drive, one might have to buy a USB drive from a third party.
What happens if you lose the Security Key? Considering the fact that the Security Key is a tiny thing that you carry in your pocket, there are chances of losing it. Other than the cost and effort of buying a new key, which would cost less than $10, there are no other hassles. You can continue to access your accounts using the verification code sent on your mobile phone. The key itself does not hold any information about your accounts and will be useless with your credentials.
Summary
Google’s vision is to move away from logging in and towards linking devices to your account. The device could be a USB key, a chip or a revolutionary wearable device in the future. The message is clear – a combination of two factors will be universally accepted soon – what you know and what you have.
