Google is giving users of its services an extra
security option, on top of its existing procedures and protocols, with a physical token. The search company's "
Security Key" is allowing for users to nominate a USB drive to allow access to the Google account when it is plugged into a computer's USB port, as an alternative to the two-step verification process.
Security Key requires the use of a drive that is compatible with the open Universal 2nd Factor (
U2F) protocol from the FIDO Alliance, writes
the Google Online Security Blog, though setting up Security Key on the drive is free. When enabled, Security Key will only allow access to the account once it verifies the log-in page as being owned by Google, rather than a phishing site.
While it is a useful security scheme, it does have a few issues. Ignoring the requirement for a drive compatible with FIDO U2F, it also mandates the use of Chrome version 38 or later, though Google hopes other browsers will adopt the system in the future. It is also limited to desktop or notebook computers, so it will not work for accessing accounts on mobile devices, though incompatible devices will still work using a verification code.
Despite the shortcomings, Security Key is likely to be welcomed by users, especially considering the large number of
data breaches at major retailers over the past year.