Skip to main content

Security upgrade! Google will now let you log in with a special USB key

facebook security key by yubico
Image used with permission by copyright holder
With countless security breaches taking place where data such as usernames and passwords falls into the hands of cybercriminals, Internet users are being increasingly encouraged to enable two-step verification with Web services that offer it.

This extra layer of security forces you to enter a dynamically generated code sent to a mobile device, together with the usual password. This beats hackers as they’d need not only your password, but your mobile device too, in order to break into your account.

Recommended Videos

While this might sound like enough to protect your Web accounts, Google on Tuesday announced it’s adding “even stronger protection” for its own online services, a move that it says is aimed at providing peace of mind for “particularly security-sensitive individuals.”

The method, called Security Key, uses the Universal 2nd Factor (U2F) protocol from the FIDO (Fast Identity Online) Alliance. It involves first pairing a small device, the key, with your Google account. After that, each time you log in with your password, you simply insert the key into your computer’s USB port, wait for a prompt (eg. a flashing light on the device), give it a tap, and you’re in.

A notable advantage of the key is that it offers improved protection against phishing scams as it only works with genuine Google sites rather than imitation sites designed to trick you into handing over sensitive data, such as your password.

“When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished,” Google’s Nishit Shah wrote in a blog post announcing the company’s new security measure.

However, be aware that if you’re logging in using a tablet that has no USB port, you’ll have to fall back on one of your other two-step verification options. Also, as Shah alludes to above, accessing your Google account using the key can currently only be done via the company’s Chrome browser.

“It’s our hope that other browsers will add FIDO U2F support,” Shah said in his post. “As more sites and browsers come onboard, security-sensitive users can carry a single Security Key that works everywhere FIDO U2F is supported.”

A number of firms make the special USB key, which costs upwards of around $10. One supplier, Yubico, offers a brief run through of how it works in the video below.

[Image: Yubico]

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
This Chrome extension lets hackers remotely seize your PC
A depiction of a hacker breaking into a system via the use of code.

Malicious extensions on Google Chrome are being used by hackers remotely in an effort to steal sensitive information.

As reported by Bleeping Computer, a new Chrome browser botnet titled 'Cloud9' is also capable of logging keystrokes, as well as distributing ads and malicious code.

Read more
This Wi-Fi security flaw could let drones track devices through walls
Professor Ali Abedi flying Wi-Peep standing against brick wall.

A research team from the University of Waterloo has attached a device to a drone that can use vulnerabilities in Wi-Fi networks to see through walls.

Imagine intruders being able to track people by the devices they have on them or find weak spots in their homes. This alarming possibility has been proven by a device called Wi-Peep, which is essentially $20 of easily-purchasable hardware, an off-the-shelf quadcopter, and the work of Dr. Ali Abedi and his team at the University of Waterloo.

Read more
Google’s new privacy tool lets you know if your personal info was leaked
A Google presenter announcing alerts for personal info.

Google has just announced the expansion of its upcoming privacy tool. Made to protect your personally identifiable information (PII) from being too easy to find, the "Results About You" tool was first announced in May 2022. It will soon begin rolling out to a wider audience, and once it's out, you'll be able to easily request the removal of your personal data.

Now, at Search On 22, Google shared that it will be expanding this tool with an additional useful feature -- the ability to set up alerts if, and when, your PII appears on the web.

Read more