Google has announced new supporting system for two-factor authentication for its websites,Chrome desktop browser.The existing 2 step verification system is based on you enter password key that based on six-digit code that you receive vis SMS or Call on your mobile app.Google announced its enhanced two-step verification service that is based on a physical USB key, adding an another layer of security to protect its users from hackers and other forms of online theft.Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google. Rather than typing a code, just insert Security Key into your computer’s USB port and tap it when prompted in Chrome.
When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.Security Keyand Chrome incorporate the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, so other websites with account login systems can get FIDO U2F working in Chrome today. It’s our hope that other browsers will add FIDO U2F support, too. As more sites and browsers come onboard, security-sensitive users can carry a single Security Key that works everywhere FIDO U2F is supported.This means other websites with login systems will also be able to use the same system if they want to.
The “Security Key” feature will currently work on Chrome and will be free for Google users.By letting users protect their accounts using two-factor authentication based on physical USB keys, it will be no longer any compulsion for you to type in the six-digit authentication code in Google’s Gmail or your Google Account. The Security Key ensures access via both your physical presence and your login password.
Furthermore, the Security Key platform will also look for foil phishing attacks by not providing a cryptographic signature to the site, preventing spoof sites from collecting username and password combinations of users forman-in-the-middle attacks.
NOBODY CAN ACCESS MY GMAIL ACCOUNT
Security key is meant for users who seek for higher level of security on their accounts and by implementing it, users will enjoy hack-free Google accounts, because cyber thieves will be restricted from accessing the account even if they have the correct credentials, or your stolen mobile phone — since they don’t have the Security key.
However, simply inserting a USB key before logging in, a password is still required. So that cyber thieves would not be able to log into your account just by stealing your Security key. But, if your account password is compromised somehow, it would be useless for hackers without the corresponding Security key.
SECURITY KEY ALSO WORKS FOR OTHER SITES
Yes others websites can use that security key by using of U2F protocol.Other websites besides Google can also opt Security key feature to provide stronger authentication options to their users. As more sites and browsers come on-board, security-sensitive users can carry a single Security Key that works everywhere FIDO U2F is supported.