Google today announced it’s offering an enhanced two-step verification service that utilizes a physical USB key for users that are particularly concerned about security. The feature currently works in Chrome and is free to Google users, but Google notes it’s supporting the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, which will allow other login systems to support the standard:
Today we’re adding even stronger protection for particularly security-sensitive individuals. Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google. Rather than typing a code, just insert Security Key into your computer’s USB port and tap it when prompted in Chrome. When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.
Google points out some of the benefits of using Security Key on an FAQ for the service. In comparison to using two-step verification codes sent to a mobile device, the Security Key offers even better protection but doesn’t require a mobile data connection or batteries. Google also says it offers better protection against phishing “because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.”
Users interested in taking advantage of the Security Key feature will have to purchase a U2F-certified USB device to do so.