Google makes two-step authentication easier with the launch of USB key support
Google today announced support for Security Key, an open standard that allows users to long in to an account with a physical device such as a USB. The device replaces the six-digit confirmation codes that Google currently uses in its two-step authentication process. Traditionally, users would generate the six-digit number using an app on their smartphone, or receive it via SMS, but with Security Key, a user can just slot in their USB before logging in. Users are still required to enter their password.
As other services begin to support Security Key, the same USB key will be able to provide two-step authentication for multiple websites and applications.
Security Key makes use of the open "Universal 2nd Factor" (U2F) protocol from the FIDO Alliance. As such, any U2F compatible device can be used for as a Security Key dongle. These can be purchased from Yubico for USD$18.
While USB keys are the most common devices to support the Security Key standard, the same architecture can be used for Bluetooth or NFC dongles.