For the longest time now, Google has recommended that users enable two-factor authentication for their accounts on its platforms (and anywhere else, really). But starting today, it is launching a second — even more secure — method for those who really want their accounts to stay safe. With Security Key support, users can now get a physical USB key through third-party providers that will work with Google Accounts and Chrome.
With a Security Key, users don’t have to type in a code. Instead, they plug the key into their computer’s USB port and press the built-in button when prompted. That’s it. With that, you can pretty much guarantee that your cryptographic signature can’t be phished, Google points out. With 2-step verification, there is always a (very, very remote) risk that a hacker could phish your code after routing you to a fake site. Because Security Key uses cryptography instead of a verification code, Google argues, it offers a better level of security.
Of course, if you only access your account on a mobile device, a USB key isn’t going to work. And neither will you be able to use this if you don’t use Chrome (starting with version 38 on Chrome OS, Windows, Mac and Linux). In that case, two-step verification remains the best option.
Very few people will probably want to buy a Security Key for their personal accounts, but it’s not unlikely that some business will opt in to this system to ensure their accounts are extra safe.