Passwords are not safe now. You may be thinking that you have a 2-step authentication process and your account is safe. But, think again. Is it really safe? Google has come up with a new gadget to save your accounts and make them more secure.
How does it works?
First of all, you will have to associate your USB key with your account. Once it is done, you’ll be prompted to insert the device into the system each time you enter a password to log in. You can also choose the once in a month option if you use a computer frequently. There is a button on the USB key and touching that button triggers a cryptographic exchange with Google’s login systems that verifies the key’s identity.
This new device is primarily made for the security-conscious persons. Manual passwords can be hacked or guessed and Google has been working on this key all because it wants to replace passwords and come up with something more secure and safe. This is a very welcome step as few month age Google announced a feature that it will be possible automatically unlock and log into a Chromebook when your Android smartphone is nearby the device.
Many web companies and banks are providing two factor authentication process to log into your account. In this process, you have to log in with a password ad a code which is tied to something which is in your possession. Most of the time it comes via a text message, phone app or a key fob.
This process was designed to prevent accounts from being hacked. It is a secure method and somewhat it do protects the account. But Apple did not used it and we all know that it is no safe. For example, just few days ago we came to know that someone has hacked iCloud backup service and has leaked celebrity’s photos.
However, two-factor authentication is not so safe and can be hacked. Hackers can steal or spoof code by intercepting text messages which include hacking the user’s smartphone or hacking into the main database which generated these codes.
The security key offered by Google is resistant to remote attacks all the important information can be copied only by physically attacking a security chip inside that key. Many companies are working on it and all those who pay Google for e-mail and office software will soon be providing security keys to their employees.
The gadget is built on an open platform called U2F which is developed by the FIDO Alliance. If other companies choose to adopt the technology than the security key could be used with those services other than Google’s.
It can be expected that the future versions of the security key will work with mobile devices. This can be made possible because the final U2F standard will specify that a key can include a contactless near-field communications chip that most new smartphones can read wirelessly.