The internet search company Google has recently unveiled a new two-factor authentication tool for its services, known as Security Key – “a physical USB second factor that only works after verifying the login site is truly a Google website.”
The two-factor verification Security Key works in conjunction with a user signing into their Google account as usual and being asked for a second level of authentication such as a code sent by the usual methods (text, voice call or through their mobile app). However, this can now also be done using a Security Key USB which would plug into the computers USB port and notify Google of its authentication.
Google believes that Security Key is suitable for anyone that wants “protection even beyond what using verification codes sent to your phone already gives you.” It allows its users to be better protected against phishing and can even be used when your mobile doesn’t have any connection or battery.
Nishit Shah a Security Product Manager at Google commented that as “sophisticated attackers could set up lookalike sites that ask you to provide your verification codes to them, Security Key offers better protection, because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.”