Google: Security Keys - the best way to secure your account

We at KingServers try to keep track of the latest trends in various technological areas. One of them that interests us most is security. If there is not a sufficient level of security, then all technical tricks on storing and transferring data can be considered vain (well, almost) - anyway, data can be stolen by anyone.

It turns out that you can protect personal data with a fairly high degree of reliability. We are talking about Security Keys, small devices that prevent an attacker from getting to the user's information. And now the results of the work of a large number of Google employees confirm this.

As it turned out, more than 50,000 employees of Google for two years participated in a study on information security. And the conclusion here is categorical: Security Keys will give odds to smartphones and any other forms of two-factor authentication.
')
The foundation of Security Keys is Universal Second Factor , an open standard that is easy to use for users of any level - from beginner to IT workers. Security Keys allow you to easily get personal information without the threat of being hacked. Cybercriminals may be able to somehow deal with Security Keys, but Google employees do not think so. In their opinion, it is not possible for an outside person to crack such a key or use some other methods against it. Now cryptographic keys of this type have been implemented in Google, Dropbox, GitHub and other resources and services.

Two years of studying these miniature systems have proven to Google engineers that there is simply no more reliable two-factor authentication method. When connected to a USB port, such a key provides “cryptographic identity verification”, which is extremely difficult to crack or forge. Google is positive about the capabilities of such a system.

The proof that Google employees truly believe that security using Security Keys can be effective in including support for such systems in a number of Google products. “We have included support for Security Keys in the Chrome browser. We have activated this method of protection in many of our services. In this work, we show that Security Keys increase the overall level of security, and high reliability of data protection costs the user a minimum amount and time costs, ” said one of the research participants.

As you know, other forms of two-factor authentication involve receiving a one-time password as a message to the phone. One of the passwords in this case is required when loading something, including the operating system. And the second password is needed to log into your own account. There are also smart cards and certificates of a specific type.

Using two-factor authentication with the phone is not the best option. For example, one-time passwords can be stolen by intruders. The phones themselves are also endangered - after all, a huge number of various kinds of mobile viruses have already been released. They can steal input passwords, sending it to the owner. In addition, the phone may suddenly sit down or lose the network, and then what? Sit and wait for the weather by the sea?

Smartcard is also a relatively problematic option. The fact is that they usually require specific equipment and driver installation on each PC where the user should work. This makes smartcards a much less popular tool than they could be. In addition, in some countries, they are given out by the government, which may lead to certain reflections.

TLS certificates that are used to authenticate users have been known for years, but they have not become particularly popular. The fact is that they are quite difficult to generate for a regular user, and the certificate contains more information than we would like. This may be, for example, the name of the user and his network "coordinates". In addition, when working on each new PC you need to install a unique certificate.

According to representatives of Google, Security Keys represent the optimal combination of security, usability and privacy. The cost of such a key is about $ 10, on average. If the key is created by a well-known company, then the price is slightly higher - up to $ 18. They are smaller in size than the door key, inserted into a normal USB-port, they do not have batteries.

In general, two-factor authentication is now becoming an increasingly common method of protecting information. But it is not very convenient, as mentioned above. Security Keys is one of the alternatives for smartphones and smart cards. It may well be that in the future they will become the main element of such authentication. Or not?