Those who are looking for a more intensive security verification process than the usual 2-step model can now add in a physical key to the mix. Google has been the latest to join up with FIDO Alliance, in order to provide a USB powered key that uses the Universal 2nd Factor (U2F) protection method.
Google already has a standard two-step verification that sends a code to your mobile phone through a text message. That allows you to confirm an unfamiliar device, and gain access to your account if it has been locked for suspicious activity. But that can theoretically be bypassed, such as through cloning a phone and intercepting their text messages. It is a far way to go, but not impossible.
Now, they are trying to increase the security further so those who need the highest level of security don’t have to rely on their current methods. Google has introduced a key that can be plugged into your USB port. It confirms that any login or access requests are coming from a genuine Google website. That protects from hacking protocols that mimic the service to gain access.
It isn’t a fail proof security option, but it takes the fight to another angle that was formerly vulnerable. By incorporating it into the current two-step method, you have more protection from the two most common methods of gaining unauthorized account access.
Chrome is now compatible, and Google has said that they hope other browsers will begin to add FIDO support, as well. If all browsers work with the U2F coding, one security key would work all the way across the board. Since Google is pushing the security feature so hard, it does seem likely that others will join up. After all, Heartbleed was a veritable disaster, and consumer trust in browsers and website security are at an all time low.
To use this security process, you will have to purchase a FIDO approved USB security key. You can find a few of those on Amazon, ranging from $17.99 to $60.00. There doesn’t seem to be any reason to buy the more expensive one, so don’t be shy about picking up the cheaper version. It is still certified, and has all the same features. Plus a bunch of reviews singing its praises, unlike the other two options.