Google's Security Key will detect whether sites purporting to be Google sites are authentic
Google’s two-step verification is one of the safest methods of logging into your Google Account, but now the company has added an extra layer of security in the form of a physical USB stick.
The Security Key works by verifying whether the login site you’re using is an authentic Google website rather than a fake one pretending to be Google. Instead of typing in a code, all you need to do is insert the Security Key into your laptop or PC’s USB port and tap it when prompted in Chrome. This will prevent your cryptographic signature from being phished, according to Google, but will only work when you log into your Google Account using Chrome.
“Security Key and Chrome incorporate the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, so other websites with account login systems can get FIDO U2F working in Chrome today,” said Nishit Shah, Product Manager of Google Security.
“It’s our hope that other browsers will add FIDO U2F support, too. As more sites and browsers come onboard, security-sensitive users can carry a single Security Key that works everywhere FIDO U2F is supported.”
Security Key doesn’t come free, though, as you’ll need to buy a compatible USB device directly from a U2F participating vendor, says Google. So far, Google has only listed keys available on Amazon in the US; the cheapest one available is $17.99 from Yubico.
Previously, Google’s highest level of security came in the form of two-step verification. When logging into your Google Account from a new device, this asked for a verification code from your phone on top of your password, making it impossible for hackers to log into your account from an unfamiliar device unless they had your smartphone as well.