With all the problems of security that have been reported in recent times, both users and companies are exploring different methods to protect accounts and servers. One of the most recommended methods is the two-step verification , but now Google announced the ability to use a USB key special, generating an extra layer of protection.
The two-step verification basically requires the user to enter an additional code (created in the moment and valid for single use) , received via a smartphone or a mobile phone, before gaining access to your account. Such verification may be uncomfortable, but in the end, everything added security process falls into the same group. Now, is it necessary? Unfortunately, most users are familiar with the use of two-step verification when it is too late. We must also consider how important the bill for one person, and what kind of services is linked. For Google activate the check is very simple but those who are not convinced or who believe that sending a code to the smartphone is a weak way to protect an account, have no alternative.
In essence, it is a USB key compatible with the FIDO U2F Alliance standard (where Google, Microsoft, PayPal, Visa and participate Lenovo, among others) . By accessing your account, instead of typing the code received via smartphone, the user is connected to a USB key and press the button when Google Chrome indicates. The first advantage of the USB key is your protection against phishing, because it only works with legitimate Google portals and not imitations looking to steal information. The second is obviously removing the smartphone from the equation. Like any other USB flash drive, USB key that does not need batteries or mobile connection to operate and be of good faith how unpleasant it may be awaiting an SMS with the network provider of fall .
The negatives of the USB key are limited to two very important personal preference. If only you access the web with mobile devices , it is impossible to connect the key and at the same time, this additional physical verification is only compatible with Google Chrome. Personally, the latter is what bothers me.If U2F is a standard, it should at least work with Internet Explorer (Microsoft “is” part of the alliance, after all) . What is the value of these keys? The average is about $ 18 . Yubico is one of the major suppliers, although there are several options floating on the web. Still, Google recognizes that the adoption will be slow. Be still more technical details (eg what happens if I lose the key and how replacement) , but so far seems like a good idea.