Also, the security key doesn’t work for Google properties on anything other than Chrome. Unlike a one-time token approach, the security key does not rely on mobile phones (so no batteries needed), but the downside is that it doesn’t work for mobile-only users because it requires a USB port.
As Google notes in a support document, security key “offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.” For several years, Google has offered an approach that it calls “ 2-step verification,” which sends a one-time pass code to the user’s mobile or land line phone.Ģ-step verification makes it so that even if thieves manage to steal your password, they still need access to your mobile or land line phone if they’re trying to log in with your credentials from a device that Google has not previously seen associated with your account. The approach announced by Google today essentially offers a more secure way of using the company’s 2-step authentication process. The U2F standard (PDF) is a product of the FIDO (Fast IDentity Online) Alliance, an industry consortium that’s been working to come up with specifications that support a range of more robust authentication technologies, including biometric identifiers and USB security tokens.
0 kommentar(er)
