Google’s Chrome browser is taking some headaches out of two-step authentication with Security Key, which lets users sign in using a USB device.
The new sign-in method works with Google services within the desktop Chrome browser. After entering a password, users must insert a supported USB key, which can be purchased online for as little as $6. Google has posted setup instructions on its website, along with some answers to common questions.
Previously, signing into Google services with two-step authentication required a verification code. Users could receive the code by text message, generate it through an authenticator app or print it out for offline access. The problem with those methods is that if your phone dies, or it can’t get online, or you forget to bring your printout when signing in on a new machine, you’re stuck. A USB key, by contrast, is easy to keep with you on a keychain or in your laptop bag, and it doesn’t need online access to work.
Why this matters: While device-based authentication isn’t new, Google has become the first major Internet service to support the idea. This is also the first use of two-factor authentication standards from the FIDO Alliance, a group that’s aiming to make online sign-ins easier through open standards. The group counts other tech heavyweights such as Microsoft and Samsung among its members, so hopefully this paves the way for even more USB-based authentication options around the Web.
USB sign-in pros and cons
As Google itself points out, USB-based sign-in isn’t ideal in all circumstances. It’s a non-starter for phones and tablets, which typically don’t have full-sized USB ports, and right now it doesn’t work in any desktop browser besides Chrome.
The up-front cost of the key is another barrier. In some cases it may be easier just to keep getting codes from your phone, especially if you can get desktop text notifications with tools like MightyText or Apple’s new Continuity feature.
Still, FIDO plans to support more than just USB, including contactless methods such as Bluetooth Low Energy and near field communication, so authenticating in the future may not require you to press or insert anything. Sign-in support from a major Internet company like Google is, at the very least, a strong first step.