![]() One notable downside is that you really need Chrome. All you need is a computer running Chrome v38 or higher, which is the current stable channel release. Any company that wants to take advantage of this highly secure access method can do so right now. While it's true that Google is adding support for U2F in its two-step account verification, the support is baked into Chrome. This is important because U2F isn't only for Google. A remote attacker won't have your U2F USB device, so any attempts to gain access are doomed. It uses public key cryptography to create a single USB device that can authenticate with the service. You can't use any old USB device you have sitting around - Google's Security Key implementation uses the open Universal 2nd Factor (U2F) protocol, which is maintained by the FIDO Alliance. Don't dust off that USB thumbdrive in your drawer just yet, though. In this case, that means a USB key that plugs into your computer, but other methods include temporary PIN codes sent via SMS, applications that receive codes via a secure server. Google and other companies include tools that can help you remain aware of when and from where your online profile has been accessed (hey, that random login from Prague looks suspicious), but the only way to be sure is to add a second layer of security on top of the password. You don't need to be anywhere nearby or even aware that someone is accessing your account. ![]() The characters that make up your password - even a very complex one - can be typed into any keyboard anywhere in the world. The goal of two-step verification in general is to make account access more secure by requiring a password plus something else. ![]() Using Security Key means your physical presence (or at least the presence of your keychain) is needed to log into Google, making it all but impossible for a remote attacker to gain access to your account, protecting you from most of the malicious hacks you hear about. You can now use a physical USB device plugged into your computer to access your Google account via Chrome in addition to your password. Google has been offering support for two-step verification for years, but now there's another option for proving you are who you say you are.
0 Comments
Leave a Reply. |