How To: Lock Down Your Google Account with Google's New Physical Key

How To: Lock Down Your Google Account with Google's New Physical Key
While most of us don't think twice about dragging a pattern or using Touch ID to open our phones, or entering a password in for our email and bank accounts, these features are there to protect some of our most private information. Only problem is, they don't do a good job of it.Passwords and PINs can easily be hacked, and if your password were ever leaked onto the web, or your bank PIN discovered, there would be no other security barrier to prevent a hacker or thief from accessing your account besides maybe some "strong" authentication challenge questions.That's why some companies have implemented two-step verification (and even the more secure multi-factor authentication) for their websites. Apple currently offers two-step verification for Apple IDs, and Google also offers it for Google Accounts.

How 2-Step Verification Works for Google AccountsFirst, a user logs into their device using their regular password. Once that password is confirmed, a code will be sent to your mobile device (one previously set up with the two-step verification process). Next, the user enters in the verification code that they received on their device in order to finally log in. Google states: "2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they'd also have to get a hold of your phone."

Now There's 2-Step Verification with Security KeyTo make things even more secure, Google is providing another option for the two-step verification process, strengthening it and perhaps even simplifying it. Where users had to login with their password and then type in the security code sent to their phone, this new method requires a password and physical key to be connected to a USB port on your PC, Mac, or Chromebook. Note that the option for using the verification code is still there. As Google states on their blog, this new Security Key feature makes it even harder for a security lapse to occur."Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google. Rather than typing a code, just insert Security Key into your computer's USB port and tap it when prompted in Chrome. When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished."While someone could technically find your phone number and hack your password or setup a fake Google page (to phish) for your password, even if they get it, it'd be physically impossible for them to login without also getting their hands on your Security Key. On the flip side, if someone stole your Security Key, they would need your password for it to be of any use.The new login process adheres to the Universal 2nd Factor (U2F) protocol from the FIDO Alliance. What does that mean? Since these keys are being built using the open-source FIDO standard, other sites could incorporate the same security measures, meaning you could log into Facebook or Outlook with your password and that same USB Security Key. This also mean that flash drive in your drawer probably isn't up to protocol.You can find compatible USB keys on Amazon or from other retailers for anywhere from $6 to $60, depending on the supported protocols and form factor. Here are the compatible keys Google recommends that support FIDO U2F Authentication:Plug Up International Yubico Yubico NEO-n Yubico NEO
What Else Should I Know?This process also does not have to be limited to USB. In the future, expect to see Bluetooth, NFC, and other methods creep into this arena. Here are some more things you should know.
1. Gotta Love ChromeUsing the Security Key with Gmail only works on Chrome. If you use another browser to log into your Gmail account, you will have to use the regular login or the classic two-step verification method.
2. Make Sure Your System Is SupportedTo use a Security Key, you'll need a computer running Google Chrome version 38 or newer on Chrome OS, Windows, Mac OS X, or Linux.

3. You Need a USB PortYou cannot use the Security Key on a device without a USB port. Now this may seem obvious, but for people that use their phone or tablet, you will not be able to log in this way. There are some Security Keys, like the Yubico NEO, that support NFC, but U2F does not by default just yet. So, you will need to use the standard two-step verification with your cell phone number. Image via Yubico
4. Don't Lose ItIf you lose your security key, you will have to buy another one, and that sucks.
5. No Data or Battery RequiredUnlike the mobile phone method, you will never be stuck unable to login because your phone is dead and cannot receive the code. Your Security Key will work whenever, wherever (unless, of course, your laptop is dead and you forgot your cord). You just need to have it on hand. A keychain isn't a bad place to put it.
6. You Can Use Any Supported KeyIf you want to have one key to use at work and another key to use at home, you can do that. The key is just one step of the process and isn't coded to your particular account. Your password and login information is your identifier; the key just confirms that you are on a safe-to-use Google site.Again, here are the keys Google recommends:Plug Up International Yubico Yubico NEO-n Yubico NEO Learn more about using a Security Key here.There are many businesses that use a similar process, but this is one of the few times it's being made for a giant consumer population like Google's. Single-step verification is what many people are used to, as it's easy to do.For those looking for more security on their Gmail and all the other sensitive information Google has on you, the two-step process is a safer route to take. Especially considering the fact that your email account is the key to all of your other accounts, since most websites allow you to reset your password via email."There is no doubt that a new era has arrived," said FIDO Alliance President Michael Barrett in an official statement. "We are starting to move users and providers alike beyond single-factor passwords."Once you've purchased your key, get started with the new two-step verification process here.
Cover image via Shutterstock



In a classic case of one step forward, two steps back, Apple has eliminated the ability to use multiple iCloud accounts for FaceTime and Messages in iOS 11, meaning the primary Apple ID on the account is the only one allowed. As inconvenient as this omission is, there's still a way to use alternate
Sign in to iCloud - Apple


One caveat: In order for you to share a story post the original poster needs to have a public account. That means that even if they're your friend and you can see the post, you won't be able
Here's how you can share your friends' Instagram stories in


A mechanically powered flashlight is a flashlight that is powered by electricity generated by the muscle power of the user, so it does not need replacement of batteries, or recharging from an electrical source. There are several types which use different operating mechanisms.
L.L.Bean Flashlights | Premium Quality, Built To Last
AD


One of the headlining features in Samsung's One UI update is a new dark mode that turns stock apps and system menus black. But something you may have missed is what this theme does to the Samsung Internet app and all the websites you visit. When the system-wide "Night theme" option is enabled in
How To: Activate Modules After Installation in Xposed Installer


How to Download and Install Opera Mini Handler Apk 2019 on Android. At first, you have to follow the below steps to download and install Opera Mini Handler Apk 2019. Installing the Opera Mini Handler app is mandatory, without it you won't be able to surf the web. Just make sure you have sufficient storage available on your Android device.
Opera Mini APK for windows phone free download


The Private Photo Calculator App was extremely popular in 2016. There are now hundreds of apps that allow students to hide their inappropriate photos behind an innocent looking calculator app (or another style of app that looks innocent). These apps are popular because they help a student to hide their behavior from their parents.
Private Calculator: app hides your secret files - USA TODAY

How to replace a stuck or broken iPhone power button: The


:) Download Snapchat for iOS and Android, and start Snapping with friends today. Snapchat lets you easily talk with friends, view Live Stories from around the world, and explore news in Discover. Life's more fun when you live in the moment!
A briefing on the history of Snapchat updates - finance.yahoo.com


With Hearthstone's latest expansion Witchwood just a few days away, the development had their card reveal Livestream during which we also learned of a new feature coming to the game. Called Borrowed Decks it, as you can guess, will let you borrow your friend's deck and even use it against them
Hearthstone's next update will let you borrow a friend's deck


Ars Technica stumbled upon a bit of an Easter Egg in the Pixel's implementation of Assistant, and it's pretty bonkers. If you tell the phone "I'm feeling lucky," it goes into full game show host mode.
15 Cool Google Assistant Tricks You Should Try - Beebom


The Notification dots are one of the remarkable features coming with the Android 8.0 Oreo update. Apple iOS got them a long time back, now they have arrived to Android with Oreo. After updating to Android 8.0, on the home screen of Galaxy S6, apps will show small blobs on the corner of the icons when any new notifications arrived for them.
Here's what changed in the new Android Oreo update for the


Search the world's information, including webpages, images, videos and more. Google has many special features to help you find exactly what you're looking for.
The Google+ Project: Google's Social Network Takes On


New Lock Screen Widgets, Today View And Rich Notifications At a system level, a lot has changed with iOS 10. Slide to unlock is dead as part of an entirely new Lock Screen design.
These 10 widgets belong on your iPhone's lock screen - CNET

iPhone X Roundup — Everything You Need to Know About Apple's


How to Use Voice Command for Google Maps by Edward Mercer Whether your hands are busy or you just can't remember how to spell "Poughkeepsie," voice commands on Google Maps can be a very useful feature for finding maps and directions quickly and without typing.
How To: Use voice commands in Google Maps for hands-free

0 comments:

Post a Comment