How To: Lock Down Your Google Account with Google's New Physical Key

How To: Lock Down Your Google Account with Google's New Physical Key
While most of us don't think twice about dragging a pattern or using Touch ID to open our phones, or entering a password in for our email and bank accounts, these features are there to protect some of our most private information. Only problem is, they don't do a good job of it.Passwords and PINs can easily be hacked, and if your password were ever leaked onto the web, or your bank PIN discovered, there would be no other security barrier to prevent a hacker or thief from accessing your account besides maybe some "strong" authentication challenge questions.That's why some companies have implemented two-step verification (and even the more secure multi-factor authentication) for their websites. Apple currently offers two-step verification for Apple IDs, and Google also offers it for Google Accounts.

How 2-Step Verification Works for Google AccountsFirst, a user logs into their device using their regular password. Once that password is confirmed, a code will be sent to your mobile device (one previously set up with the two-step verification process). Next, the user enters in the verification code that they received on their device in order to finally log in. Google states: "2-Step Verification adds an extra layer of security to your Google Account, drastically reducing the chances of having the personal information in your account stolen. To break into an account with 2-Step Verification, bad guys would not only have to know your username and password, they'd also have to get a hold of your phone."

Now There's 2-Step Verification with Security KeyTo make things even more secure, Google is providing another option for the two-step verification process, strengthening it and perhaps even simplifying it. Where users had to login with their password and then type in the security code sent to their phone, this new method requires a password and physical key to be connected to a USB port on your PC, Mac, or Chromebook. Note that the option for using the verification code is still there. As Google states on their blog, this new Security Key feature makes it even harder for a security lapse to occur."Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google. Rather than typing a code, just insert Security Key into your computer's USB port and tap it when prompted in Chrome. When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished."While someone could technically find your phone number and hack your password or setup a fake Google page (to phish) for your password, even if they get it, it'd be physically impossible for them to login without also getting their hands on your Security Key. On the flip side, if someone stole your Security Key, they would need your password for it to be of any use.The new login process adheres to the Universal 2nd Factor (U2F) protocol from the FIDO Alliance. What does that mean? Since these keys are being built using the open-source FIDO standard, other sites could incorporate the same security measures, meaning you could log into Facebook or Outlook with your password and that same USB Security Key. This also mean that flash drive in your drawer probably isn't up to protocol.You can find compatible USB keys on Amazon or from other retailers for anywhere from $6 to $60, depending on the supported protocols and form factor. Here are the compatible keys Google recommends that support FIDO U2F Authentication:Plug Up International Yubico Yubico NEO-n Yubico NEO
What Else Should I Know?This process also does not have to be limited to USB. In the future, expect to see Bluetooth, NFC, and other methods creep into this arena. Here are some more things you should know.
1. Gotta Love ChromeUsing the Security Key with Gmail only works on Chrome. If you use another browser to log into your Gmail account, you will have to use the regular login or the classic two-step verification method.
2. Make Sure Your System Is SupportedTo use a Security Key, you'll need a computer running Google Chrome version 38 or newer on Chrome OS, Windows, Mac OS X, or Linux.

3. You Need a USB PortYou cannot use the Security Key on a device without a USB port. Now this may seem obvious, but for people that use their phone or tablet, you will not be able to log in this way. There are some Security Keys, like the Yubico NEO, that support NFC, but U2F does not by default just yet. So, you will need to use the standard two-step verification with your cell phone number. Image via Yubico
4. Don't Lose ItIf you lose your security key, you will have to buy another one, and that sucks.
5. No Data or Battery RequiredUnlike the mobile phone method, you will never be stuck unable to login because your phone is dead and cannot receive the code. Your Security Key will work whenever, wherever (unless, of course, your laptop is dead and you forgot your cord). You just need to have it on hand. A keychain isn't a bad place to put it.
6. You Can Use Any Supported KeyIf you want to have one key to use at work and another key to use at home, you can do that. The key is just one step of the process and isn't coded to your particular account. Your password and login information is your identifier; the key just confirms that you are on a safe-to-use Google site.Again, here are the keys Google recommends:Plug Up International Yubico Yubico NEO-n Yubico NEO Learn more about using a Security Key here.There are many businesses that use a similar process, but this is one of the few times it's being made for a giant consumer population like Google's. Single-step verification is what many people are used to, as it's easy to do.For those looking for more security on their Gmail and all the other sensitive information Google has on you, the two-step process is a safer route to take. Especially considering the fact that your email account is the key to all of your other accounts, since most websites allow you to reset your password via email."There is no doubt that a new era has arrived," said FIDO Alliance President Michael Barrett in an official statement. "We are starting to move users and providers alike beyond single-factor passwords."Once you've purchased your key, get started with the new two-step verification process here.
Cover image via Shutterstock



What you need to know about your location history timeline Here's what you can do with Google's saved location information, why it's worth holding onto, or how to get rid of it for good.
AP Exclusive: Google tracks your movements, like it or not


Spy Helicopter Camera : Make Your Own! | Cool DIY Project How To Turn Your Toy Helicopter Into A Spy off the internet and decided to pimp it to be a spy chopper and a RC. I got a twenty
How to Mod an ordinary webcam into a super spy scope « Hacks


My husbands man cave has been needing a nice backlit sign for a good while now. In an effort to avoid the typical bar room neon look, I decided to build him a custom sign with full color LED strips that are fully adjustable on a color wheel, directly from his cell phone. We agreed on "The
LED strip lights examples for signs | LED Signage Retrofits


News Analysis. With iPadOS, Apple's dream of replacing laptops finally looks like a reality its keyboard case, and the ever-so-portable Magic Mouse. This particular setup also works
How to Set Up & Use an Android Wear Smartwatch on Your iPhone


How do I Quit IRB from the command line? (Using terminal on mac) tagged ruby-on-rails terminal irb or ask new Terminal Tab from command line (Mac OS X) 660.


Instagram recently rolled out their new Layout app that helps users build photo collages more easily, and it's quick and easy to use with great results. Unfortunately, only those with an iOS device can enjoy Layout at the moment, with the Android version slated for release "in the coming months."
How to Upload Your Photos to Instagram—Without an Android or


Restart Apache and visit your virtual host URL, in our case it's "wordpress.localhost" and check whether the domain has been set up successfully. Since the setup of Virtual Hosts for WordPress Website with XAMPP is done, here is what the final results would look like: Final Words. That's it! I hope you have a clear idea of setting up
XAMPP Tutorial: How to Use XAMPP to Run Your Own Web Server


In the 111th episode of the iPhone Life Podcast, tune in as Sarah and David review all of the iOS 13 features we're expecting Apple to unveil for the iPhone and iPad on June 3 at the Worldwide Developers Conference. And tune in next week on June 3 for our special post-WWDC episode where we'll discuss everything Apple announces.
iOS 12: best new features - cnbc.com

How to Solder a wire onto a switch when building circuits


As one of the favorite social tools, Snapchat had nearly 160 million daily active users by the end of 2016. With so many users it's no wonder that cyber criminals would like to gain access to your Snapchat account.
How to tell if your Snapchat has been hacked, and how to get


How To: Make an ISO file to install & play Final Fantasy 7 PC How To: Use your PS3 controller on your PC How To: Install a Gameboy Advanced (Gba) emulator on a Blackberry How To: Play Call of Duty 4 on the PC using a PS3 remote
How to Put a Gameboy & Gameboy Color emulator on your R4/M3


DarchLegend1.5 Rom for HTC Hero CDMA Rooted of the HTC Legend DarchLegend v5.0.5 is now up If You have any issues, it'd be wise to check out the first post to see if your issues have been acknowledged.
Rooted, no custom ROM - want new Sprint 2.1 - HTC Hero


To ensure your phone's security, you can set up a password, PIN, or Pattern. That way, even if someone gets their hands on your phone, they won't be able to access it. From Settings, swipe to and touch Lock screen. Then, touch Screen lock type and select your desired type of lock. Follow the on-screen instructions to set it up.

0 comments:

Post a Comment