Is a physical key the next step in digital security?
Google officials are now selling the Titan key, which works similarly to two-step authentication when you log in online.
Only this time, instead of receiving a code from a secondary device, you plug a key into a USB port to make sure it’s really you when you input your information.
The key looks a lot like any other – just with a male USB connector instead of teeth – and it’s also available in Bluetooth.
It uses the FIDO-approved protocol, which means it’s compatible with most two-factor authentication.
Other versions of the key, such as the Yubico brand of keys that Google employees use, also use near-field communication (NFC) instead of Bluetooth, which Yubico claims is more secure.
So why is it more secure?
“The main advantage is that the user who is logging in has to have physical possession of the key, which means it is potentially harder for attackers to get the key,” Karthik Pattabiraman, assistant professor at the University of British Columbia, told Global News.
Officials at the tech giant said none of their 85,000 employees have been victimized by phishing scams since they started using it.
(A phishing scam sees a user taken to a fake site where they enter their user login and password, which is then stored and used by the scammers.)
“We have had no reported or confirmed account takeovers since implementing security keys at Google,” a spokesperson told Gizmodo.
“Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time.”
But that doesn’t mean it’s going to protect everyone all the time, Pattabiraman warned.
He said it’s still important to keep up good security practices like having a secure password.
“Using a physical key may lull users into a false sense of security and make them engage in risky behaviors, such as sharing their passwords freely online or not using different passwords for different accounts,” he explained.
As digital security becomes more important, Pattabiraman said users will have to be OK with giving up the convenience they’re used to — and sometimes that means carrying a physical key around.
“I suspect that we will see more and more of these physical security mechanisms as computation becomes more pervasive and extends into the physical world,” he explained.
“But then this also requires users to be OK with giving up a little convenience for the sake of security, perhaps — this remains to be seen.”