The Google-designed keys are initially being made available to Google Cloud customers and then will be sold via the Google Store. So far only 10 per cent of Gmail users have multi-factor protections enabled seven years after the security was added to the webmail service. The biggest internet services, such as Google, Facebook and Twitter, actually already offer this security solution and you can use it now for free.
For the past two years, Google has given its employees Yubikeys despite the fact that it runs and maintains its own Google Authenticator app. The devices, which may be purchased for as cheap as $20, offer an alternative approach to two-factor authentication. After logging into a Google account with your username and password, you have to either plug in the USB key or connect to the Bluetooth dongle.
Apart from confirming its interest towards security keys, Google at Cloud Next announced its Edge TPU (Tensor Processing Unit) that comes as a purpose-built ASIC chip to run TensorFlow Lite models. That means that when you log in with a user name and password, you have to enter a second code, which is usually texted to you or delivered through an app. It is possible to intercept the codes sent through SMS, though, so physical security keys are the more secure version. Google has went a step ahead to provide provide physical USB security keys.
Mandatory keys cut successful phishing attacks on Google to zero
With any luck, more sites soon will begin incorporating the Web Authentication API - also known as "WebAuthn" - a standard put forth by the World Wide Web Consortium in collaboration with the FIDO Alliance.
In the US, Google's Titan Key will be launched next summer; and as of now, there is no news of its launch in India. The whole tech industry is also working to roll out new login standards that'll help make support for the keys universally accepted.
Besides this, various tech firms - including Apple, Qualcomm and Intel - are now fixing a critical Bluetooth flaw, caused by a validation problem with some vendors' implementation of the cryptographic key exchange, that could allow a man-in-the-middle attack when two devices are pairing.