One factor authentication requires a single step to verify your identity, such as knowing your username and password. Two Factor Authentication (2FA) provides another layer of protection against hackers by also requiring you to have something – often a phone.
Using 2FA (also called two step authentication) greatly improves your security, and especially following the scandal of the leaked celebrity pics (aka ‘the Fappening’) is receiving a great deal of attention from both tech companies and the media.
We have looked in detail before at how to setup and use two-factor authentication for your Google account using your phone as the ‘second factor’, but Google has now added another option – using a USB Security Key which you inset into your computer when signing on, and tap when prompted to by your browser,
‘When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.’
The idea is not new, and a similar key, known as the YubiKey Neo, has been on the market for some time. In fact, just like the YubiKey, Google’s Key implements the open Universal 2nd Factor protocol (FIDO U2F) promoted by the FIDO Alliance.
This means that it should compatible with all browsers, not just Chrome (and we think a YubiKey or other FIDO U2F compliant key can used to verify signing into a Google account).
Although there is of course a danger of losing the key, this method does have the advantage that users no longer have to hand their phone numbers over to Google if they wish to benefit from the extra security offered by 2FA.