Editorial StaffGoogle has launched Security Key, Fast Identity Online Universal Second Factor (FIDO U2F) Authentication. It’s the World’s first deployment. And with this deployment Google Chrome has taken the credit of First Web Browser implementing FIDO Alliance Authentication Standards. And any website may deploy simpler, stronger FIDO U2F authentication to its users.
Going deeper into the news: It’s on October 21, 2014 FIDO (Fast Identity Online) Alliance, https://fidoalliance.org, which is a global industry consortium that delivers the open standards for all simpler, stronger authentication has made a announcement that Google has made a launch of Security Key. And Google is its latest member to deploy support for FIDO authentication standards. Google made announcement that it is strengthening the 2 step verification process through supporting Security Key, a FIDO Ready U2F compliant physical USB second factor device. This 2 step verification of Security Key will be the new alternative to the present existing one time pass codes (OTP). And this Security Key will provide simpler & stronger security than this existing six digit one time pass codes (OTP).
In this Google’s new Security Key process instead of typing a security code User has to insert a Security Key into his computer’s USB port & has to tap it when prompted in the Google Chrome browser. And signing in this way into a Google account users remain safe & secured as their second factor will not be phished anymore as Security Key doesn’t provide its cryptographic signature to any fake site that would attempts to sign into account in Google sign in page in Chrome. Security Key works on all Google accounts without any charges but the users must have a compatible USB device which is tested & approved by FIDO Ready U2F Vendor.
“We’re glad to participate in the FIDO Alliance, and to bring FIDO U2F support to Google and to Chrome,” said Sampath Srinivas, Product Management Director at Google and FIDO Alliance board member.
FIDO U2F Authentication advantages:
- FIDO U2F Authentication doesn’t allow phishing or hacking as Security Key works on a 2 step verification process as it uses cryptography & not the verification codes which only work with the actual website only. Security key provides safety & security from hacking.
- FIDO U2F Authentication doesn’t require any data connection & is portable on a key chain or in wallet. And there is no mess of charging or mobile required.
- FIDO U2F Authentication provides & ensures new level of security to user authentication for enterprise networks & consumer cloud services.
- FIDO U2F standards support authentication technologies, including biometrics, such as fingerprint and iris scanners, voice and facial recognition, as well as further enabling existing solutions and communications standards, such as Trusted Platform Modules (TPM), USB Security Tokens, embedded Secure Elements (ESE) Smart Cards, Bluetooth Low Energy (BLE), and Near Field Communication (NFC).
“We congratulate Google for making FIDO U2F authentication an option for their users,” said Michael Barrett, president of the FIDO Alliance. “With large scale deployments of FIDO UAF in payments applications from PayPal, Samsung, AliPay, Nok Nok Labs, and Synaptics, and today’s announcement of FIDO U2F authentication by Google, there is no doubt that a new era has arrived. We are starting to move users and providers alike beyond single-factor passwords to more secure, private, easy-to-use FIDO authentication.”
“Secure element ICs revolutionized security for banking cards, passports and mobile payment,” said Sami Nassar, Vice President and General Manager of Cyber Security Solutions at NXP Semiconductors. “Today, through the FIDO U2F authentication protocol, secure element ICs bring a new level of security to user authentication for enterprise networks and consumer cloud services.”
“Browser support for FIDO U2F is a major step toward scaling high security public key authentication to the mass market,” said Stina Ehrensvard, CEO & the Founder of Yubico, Inc. “With a U2F enabled device, users can now login to Google Accounts and any number of services with FIDO U2F support – with no drivers, client software or middleware needed!”
FIDO Ready devices, authenticators, open source solution & servers are available from these vendors: Duo Security, Entersekt, Infineon, NXp, Nok Nok Labs, Plug-up International, ST Microelectronics, Sonavation, StongAuth, and SurePassID & Yubico.
FIDO U2F Authentication: Security Key Limitations:
- Security Key has a limitation that mobile users are unable to use it as Security Key always needs a USB port to work.
- Security Key works only on Google Chrome browser & it doesn’t work in other browsers.
- Security Key requires a computer with Google Chrome version 38 or newer on Chrome OS, Windows Mac OS or Linux.
Gollapalli Nithin Kumar
