Internet giant supporting multiple tokens for two-factor authentication
Google is no stranger to multi-factor authentication having launched the Google Authenticator app in 2011. The app enables users to use their smart phone to create a one-time passcode as an additional authenticator for access to Google Drive.
The Internet giant announced that its deploying the FIDO Alliance authentication standards and that Google Chrome will support the standards that aims to make it easier to deploy FIDO Universal 2nd Factor authentication.
Google will continue to support its app, but is also adding support for the Security Key, according to a Google Security Blog post. The Security Key is a physical USB token. Rather than typing a one-time passcode, users insert Security Key into a computer’s USB port and tap it when prompted in Chrome. When individuals sign into the Google Account using Chrome and Security Key, users can be assured that can be sure that the cryptographic signature cannot be phished.
Security Key and Chrome incorporate the open Universal 2nd Factor protocol from the FIDO Alliance, so other web sites with account login systems can get the specification working in Chrome too. Google is also hoping that other browsers will add FIDO support, as well. As more sites and browsers come onboard, security-sensitive users can carry a single Security Key that works everywhere the FIDO specification is supported.
To begin using FIDO U2F authentication today, there are FIDO Ready devices, authenticators, open source solutions, and servers available now directly from the following vendors: Duo Security, Entersekt, Infineon, NXP, Nok Nok Labs, Plug-up International, ST Microelectronics, Sonavation, StrongAuth, SurePassID and Yubico. Prices for some of the keys ranged from $6 to $50.