Anyone who uses cloud-based services like Google Apps should be taking steps to ensure that their account is secure. One of the best ways to do this is to enable two-step verification, which requires users to enter a code and password when they log in. To strengthen security even further, Google has introduced a new method of two-step verification which is carried out via a USB key.
Google and two-step verification
In order to further secure your Google account, beyond a difficult-to-guess password, your main option is two-step verification. The way this works for Google accounts is you need to provide a cellphone number for your account. When you try to log in you are either called or sent an SMS with a code to enter. Alternatively, you can download the Google Code generator which generates a code which you then need to enter when logging into your accounts.
While this works well when you have your mobile device with you, or when you are near the phone number linked to your account, it doesn't work so well when you aren't. In order to make things a little easier, Google has introduced a new two-step verification method that utilizes a special kind of USB key.
Two-step verification via USB key
Take a look around your desk, chances are high that you probably have a USB key or USB storage device within easy reach. While it would be cool to be able to use one of these to log into your account, you can't use just any USB key. Instead, you need to use one that is FIDO Universal 2nd Factor (U2F) compliant.
If you have one of these keys, once configured, you can stick it into one of your computer's USB ports and press a button. The coding on the stick will then talk to Google servers, sending cryptographic code back and forth, thereby unlocking your account.
This guarantees two things: Firstly, that you are logging in using two-factor verification and are therefore you; and secondly, that the Google site you are logging into is actually Google and not a malicious or fake site. Essentially, this further increases your overall account security.
A few caveats
While these security measures are a good idea in practice, there are a few caveats regarding this authentication method:
- You have to buy your own key, which costs anywhere from USD 15 and up.
- It will only work with Google Chrome and Chrome OS. This means that if you are trying to log into your account on another browser, or a mobile device, it won't work.
If you are worried about account security, then using a USB key like this could be a good idea, and if you are looking to learn more about implementing this method and ensuring all of your accounts are secure, contact us today.