Google is launching its own USB-based hardware security keys

Ajustar Comentario Impresión

None of Google's employees have had their work-related accounts compromised since mandating physical keys in early 2017, a Google spokesperson told the KrebsonSecurity website.

Google says that they have not had a single successful phishing attack for about 18 months following the introduction of physical security keys.

The Google-designed keys are initially being made available to Google Cloud customers and then will be sold via the Google Store. So far only 10 per cent of Gmail users have multi-factor protections enabled seven years after the security was added to the webmail service. The biggest internet services, such as Google, Facebook and Twitter, actually already offer this security solution and you can use it now for free.

For the past two years, Google has given its employees Yubikeys despite the fact that it runs and maintains its own Google Authenticator app. The devices, which may be purchased for as cheap as $20, offer an alternative approach to two-factor authentication. After logging into a Google account with your username and password, you have to either plug in the USB key or connect to the Bluetooth dongle.

Apart from confirming its interest towards security keys, Google at Cloud Next announced its Edge TPU (Tensor Processing Unit) that comes as a purpose-built ASIC chip to run TensorFlow Lite models. That means that when you log in with a user name and password, you have to enter a second code, which is usually texted to you or delivered through an app. It is possible to intercept the codes sent through SMS, though, so physical security keys are the more secure version. Google has went a step ahead to provide provide physical USB security keys.

Google is launching its own USB-based hardware security keys
Google is launching its own USB-based hardware security keys

With any luck, more sites soon will begin incorporating the Web Authentication API - also known as "WebAuthn" - a standard put forth by the World Wide Web Consortium in collaboration with the FIDO Alliance.

Google is advancing the security features for its Cloud customers.

In the US, Google's Titan Key will be launched next summer; and as of now, there is no news of its launch in India. The whole tech industry is also working to roll out new login standards that'll help make support for the keys universally accepted.

Besides this, various tech firms - including Apple, Qualcomm and Intel - are now fixing a critical Bluetooth flaw, caused by a validation problem with some vendors' implementation of the cryptographic key exchange, that could allow a man-in-the-middle attack when two devices are pairing.