The USB Security Key: More Protection for your Online Accounts?
The launch of Google’s new Inbox, a new app and web service that set out to redefine how we organize our emails, has overshadowed another update from Google regarding account safety and email security. Google has added another option to its two-step verification solution: a USB-stick.
Let’s first clarify what a two-step security process is. To put it in Google’s own words:
“With 2-Step Verification, you’ll protect your account with something you know (your password) and something you have (your phone or Security Key).”
Essentially, your password for your various online accounts – ranging from email to online banking – can be hacked in various ways. We have all heard of lists with email passwords floating around in the internet as a result of security breaches. Having only one layer of security is frankly not enough if you want your account to be adequately secured. That is why various online service providers have introduced a second layer. This layer is essentially another piece of information that is generated on another device and/or with a different system. For example, an app or a small hand-held code generator (often used for online banking) produces a verification code that is uniquely crafted for your account. You then use that code in the second step of the login process to access your account. It’s like a second line of defense. If someone gets hold of your password, they most likely will not have the verification code to get them through step two. Now, the verification code is only one example of how to create a second security level, but I hope you get the idea.
The USB stick will now further increase the security according to Google:
- Better protection against phishing. With 2-Step Verification, Google requires something you know (your password) and something you have (like your phone) to sign in. Google sends a verification code to your phone when you try to sign in to confirm it’s you. However, sophisticated attackers could set up lookalike sites that ask you to provide your verification codes to them, instead of Google. Security Key offers better protection against this kind of attack, because it uses cryptography instead of verification codes and automatically works only with the website it’s supposed to work with.
- No mobile connection or batteries needed. Security Key works without a data connection, and you can carry it wherever you go on a key chain or in your wallet.
The limitations: You must have the latest version of Chrome (Version 38) installed on your Mac, Windows, Chrome or Linux system. Also, this system will only work if you actually have the USB with you. So, if you are someone who loses keys and other small things, think twice about getting one. Also, this system does not work with phones, as these don’t have USB ports. Lastly, you must of course also have a Gmail account. Yahoo and most other providers currently do not offer a solution with a USB security key. However, keep in mind that they still do offer other two-step verification systems. You can find the option for Yahoo accounts here.
This system is yet another important step in making the information you have online safer. The information stored in our email inboxes, on our cloud-based databases or in our online banking accounts is invaluable. Just having a password is a weak defense against intruders – both private and public. Having such a device will still not give you total safety, but it certainly makes life harder for those wanting access without permission.
The USB Security key may be the right solution, if you feel strongly about protecting your Gmail account. You can buy the USB sticks on Amazon. The prices range from 5 USD to 60 USD.