What Google's Security Key is and How it Works

What Google's Security Key is and How it Works

by Gary Oldwood on 22 October 2014 · 3625 views

Google added one more layer of protection in Google accounts called Security Key. It’s relevant to the 2-factor verification technique, since it works by replacing the primary authentication factor (i.e. verification codes sent to your phone) with another method that allows for the authentication of your identity with the help of a physical device connected to a USB port. The good thing is that the code verification method can be used alternatively, if you can’t use your Security Key. Itsounds good, but let’s see more thoroughly how it works.

Security Key Demonstration

Description of the Security Key

When you enable 2-step authentication for your Google accounts, you can now use Security Key as your primary authentication method. Until now you had to have a code sent to your phone and typed into the form in order to login, but now this process can be overridden if you have your Security Key with you.

Security Key is a special USB device that connects to your computer and its only job is to authenticate your account under certain circumstances. In this case, Google uses the “FIDO Universal 2nd Factor (U2F)” open standard by FIDO Alliance, so any device that is compliant with it can be used as a Security Key. Look for this logo to make sure a device complies with FIDO U2F:

FIDO U2F Logo.

Google recommends looking into Amazon for this type of devices.

After acquiring a Security Key, the only requirement is that you use Google Chrome version 38 and up on ChromeOS, Windows, Mac OS, or Linux. This means that the method will not work on older versions of Google Chrome or other browsers (such as FireFox and Internet Explorer). This is due to the fact that other browsers have not incorporated FIDO U2F yet and therefore this authentication method cannot be applied in them. Security Key cannot be used in handheld devices either, since it requires a USB port.

So whenever you want to login with your Security Key, you use your credentials normally to log into your Google account, then Chrome will ask you to plug in your Security Key. The authentication will then succeed (or fail!) and you will be logged into your account.

How to Add Security Key to your Google Account

How to Add Security Key

To use Security Key, you must first have 2-step verification enabled (read the instructions on how to enable it here). Then go to the Security Keys page in Google, where you will be explained in clear terms how to add your Security Key to your Google Account. It’s pretty easy actually, since the only thing you have to do is click on “Register” located on the middle of the page and insert your Security Key to the USB port (if your Security Key has a button or gold disc, tap it after inserting it- more details here). That’s all there is to it.

Now whenever you want to login to your Google Account you only have to type your credentials and insert the Security Key. If for some reason you are not able to insert the Security Key, you can still use the verification code method to login. This article covers the most common question regarding Security Key and its functionality, so give it a visit if you are having issues with the method.

Do you think this will significantly help increase security in Google? Or will it be exploited and used for bad purposes? Let us know your thoughts in the comments below!

Comments (0)
Featured Articles