cageymaru
Fully [H]
- Joined
- Apr 10, 2003
- Messages
- 22,060
Google has discovered that the key to eliminating successful phishing attempts at the company is to give employees physical security keys. The new USB devices make security easy as they use the open source Universal 2nd Factor (U2F) and only require a simple press of a button to authenticate a supported website. In the future the Web Authentication API will eliminate the need for users to type in a password. Here are some of the devices for sale at Yubico.
The most common forms of 2FA require the user to supplement a password with a one-time code sent to their mobile device via text message or an app. Indeed, prior to 2017 Google employees also relied on one-time codes generated by a mobile app — Google Authenticator.
In contrast, a Security Key implements a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device. The key works without the need for any special software drivers.
The most common forms of 2FA require the user to supplement a password with a one-time code sent to their mobile device via text message or an app. Indeed, prior to 2017 Google employees also relied on one-time codes generated by a mobile app — Google Authenticator.
In contrast, a Security Key implements a form of multi-factor authentication known as Universal 2nd Factor (U2F), which allows the user to complete the login process simply by inserting the USB device and pressing a button on the device. The key works without the need for any special software drivers.