If you have a Security Key USB, you can now use it to make sure your Google account is safe, including against phishing

Oct 22, 2014 06:26 GMT  ·  By

Google has announced some new plans to make sure that its users are even safer than before. On top of the two-factor authentication options that had already been made available by Google for a long time now, Google is going to make logging into your account safer.

The company has announced that it will be adding support for the Security Key platform into Google apps on Chrome.

Security Key, as you may know, is based on the Universal 2nd Factor, U2F in short. This is a system put together by the FIDO Alliance that allows users to log into Google Accounts by inserting a USB device into PCs. When the device is connected, users simply have to press a button on the gadget to obtain a one-time password.

Security Key only works after it verifies that the login site is truly a Google website, rather than a copy of one, such as it happens in phishing attempts. Once you insert the device into the computer, it will check the authenticity and provide the key. “When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished,” writes Nishit Shah, product manager at Google Security.

The system is better to fight against phishing attempts. For instance, the regular 2-step verification requires users to provide their password and a code that gets sent over their phone. However, as Google points out, sophisticated attackers could set up lookalike sites that ask you to provide your verification codes to them, instead of Google.

Since Security Key uses cryptography instead of verification codes, they’re safer to use. The fact that it automatically works only when the website has been verified adds to the entire package.

Google wants to grow the U2F-supporting community of sites and browsers

Google adds that Security Key and Chrome incorporate the U2F protocol from the FIDO Alliance, so other websites with account login systems can get FIDO U2F working in Chrome starting immediately.

If everything goes according to Google’s plans, as more sites and browsers come onboard, the security sensitive users can carry a single device that works everywhere FIDO’s U2F is supported.

“Security Key works with Google Accounts at no charge, but you’ll need to buy a compatible USB device directly from a U2F participating vendor.”

One of these devices can be bought off Amazon for between $5.99 (€4.7) and $17.99 (€14.12), which means that you won’t be going broke by buying one of these. Since this is your personal security at risk, you may want to help protect your Google account, especially given the number of tools and services it is used for.