Google Adds Physical Security Key Support to 2-Step Verification

Advertisement
By Ketan Pratap | Updated: 22 October 2014 13:23 IST
Google has beefed up its 2-step Verification process by enabling support for a Security Key, a physical USB second factor.

The company details that the physical USB second factor only works after it verifies the site the user is attempting to log in to is a Google website and not a fake site attempting a phishing attack.

(Also see: How to Enable Two-Factor Authentication For Gmail, Facebook, Apple, Twitter, Outlook, Yahoo Accounts)

Advertisement

Google in a blog post titled "Strengthening 2-Step Verification with Security Key" announced the new Security Key support, saying, "Today we're adding even stronger protection for particularly security-sensitive individuals. Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google."

The company details that the Security Key and Chrome incorporate the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance. This means websites that use the same U2F protocol can access Security Key's features in Chrome.

Advertisement

Google reveals that the Security Key works with Google Accounts at no charge, but users are required to buy a compatible USB device directly from a U2F participating vendor. The Mountain View giant also provided a link to online retail giant Amazon that lists FIDO U2F Security Key USB devices, with prices starting as low as $5.99 (roughly Rs. 370), and warned users to look for the 'FIDO U2F Ready' logo.

The search giant says users will be able to log in safely by just inserting the Security Key into the computer's USB port as a second factor for verification when prompted in Chrome; rather than by typing a code. "When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished," it added.

Advertisement

Google claims that the Security Key offers "protection even beyond what using verification codes sent to your phone gives" and details few examples of phishing attacks. It notes, "With 2-Step Verification, Google requires something you know (your password) and something you have (like your phone) to sign in. Google sends a verification code to your phone when you try to sign in to confirm it's you. However, sophisticated attackers could set up lookalike sites that ask you to provide your verification codes to them, instead of Google. Security Key offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it's supposed to work with."

The search engine giant also lists some limitations of the Security Key in 2-step Verification, such as the requirement of a USB port to use the Security Key, and that the feature does not work on browsers other than Chrome.

Advertisement

Last month, a stash of roughly 5 million usernames and passwords of Google accounts (including Gmail, Google+) was reported to have been found on a Russian forum for Bitcoin security. The company responded on the claims and said, "We found that less than 2 percent of the username and password combinations might have worked, and our automated anti-hijacking systems would have blocked many of those login attempts. We've protected the affected accounts and have required those users to reset their passwords."

Affiliate links may be automatically generated - see our ethics statement for details.
 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Top 5 Features Worth Trying Out on Apple's First iOS 27 Public Beta
  2. How to Watch the FIFA World Cup 2026 Final Live Stream in India
  3. Oppo K15 Launch Date Confirmed; Key Specifications Revealed Ahead of Debut
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot
  1. Redmi Note 17 Pro Global Variant Reportedly Appears on NBD Database Alongside Poco Model
  2. Google Pixel 11a Codename Reportedly Spotted in Phone App
  3. Huawei Mate XT 2 Leaked Patent Reveals New Tri-Fold Design and Folding Mechanism
  4. Airtel Unlimited 5G Data Subscribers Reportedly Cannot Share 5G Data via Mobile Hotspot: Here's What We Know So Far
  5. Lenovo Legion C700 Teased as a Cloud Gaming Handheld Ahead of August Launch
  6. Marvel's Wolverine Gets New Trailer That Will Play Ahead of Christopher Nolan's The Odyssey in Select Theatres
  7. Airtel Quietly Removes Rs. 549 Individual Postpaid Plan in India; Rs. 699 Plan Becomes Next Upgrade
  8. Poco M8 Power, Poco X8 India Launch Timeline Tipped; Could Arrive as Rebranded Redmi Note 17 Series
  9. Samsung Galaxy S25 Series Could Get Galaxy S26’s Horizontal Lock Camera Feature With One UI 9 Update
  10. Asus Pad India Launch Date Announced as Company Reveals Key Specifications
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.