Google Expands 2-Factor Authentication For Chrome, Gmail

Google issues USB keys for Chrome users to log into Google accounts and any other websites that support FIDO universal two-factor authentication -- but it's no help to mobile users.

Sara Peters, Senior Editor

October 22, 2014

1 Min Read

Google today expanded two-factor authentication (2FA) for Google account users and opened the door for other websites to offer 2FA to customers who visit their sites through Google Chrome.

Google launched support for Security Key, making Chrome the first browser to implement support for Fast Identity Online (FIDO) Universal Two-Factor (U2F) Authentication -- an open-source standard that lets users log in with a password and a variety of physical devices. Those devices may include USB keys, Bluetooth devices, NFC, biometrics, and smartcards, but for now Google only supports USB keys that are "FIDO-ready."

Google will continue to offer Google account holders its existing two-factor authentication method, in which a user manually enters a six-digit code sent to their mobile phone. However, as the company explains:

...sophisticated attackers could set up lookalike sites that ask you to provide your verification codes to them, instead of Google. Security Key offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it's supposed to work with.

The drawback of Security Key, of course, is that it only works on devices that have USB ports -- thereby counting out most mobile phones and Apple devices.

Several companies recently released new lines of FIDO-ready devices -- including Duo Security, Entersekt, Infineon, NXP, Nok Nok Labs, Plug-up International, ST Microelectronics, Sonavation, StrongAuth, SurePassID, and Yubico.

About the Author(s)

Sara Peters

Senior Editor

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights