If there’s anything to be learned over the past few months after scandals such as the iCloud hack, it’s that any personal information you store in the cloud could be at risk.
Google wants to eliminate, or at least reduce, this risk with a new verification technique that’s as simple as plugging a USB drive into your computer.
Google on Tuesday unveiled its Security Key — a small USB stick that verifies a website before you log in using your Google credentials.
The key essentially checks to make sure the website you’re logging into is actually a Google site, and not an imposter pretending to be Google to steal your login credentials.
From Google’s description, it sounds like the Security Key can be used as an alternative to the standard means of two-step verification or an extra layer of protection.
Two step verification makes it harder for intruders to break into your account since it requires you to enter a specific code sent to your phone in addition to your password. So, if a hacker manages to get ahold of your password, that person wouldn’t be able to get into your account without entering that code from your phone.
Google, however, says that sophisticated hackers can set up lookalike sites that trick you into providing your verification codes to them instead of Google. That’s where Security Key would come in, since it would be able to detect these phony websites.
With Security Key, you would simply plug in the USB stick and tap in when prompted to do so. The device only works when you’re logging into your Google account in the Chrome browser at this time.
To create the Security Key, Google collaborated with the Fast Identity Online (FIDO) Alliance, a global consortium dedicated to making it safer for users to log in to their online accounts. PayPal and Lenovo were among the first companies to work with the FIDO Alliance in 2013.
Security experts have warned that these types of multi-factor authentication techniques are the best means of protecting against hackers. Jonathan Klein, president of mobile security company Usher, previously told Business Insider that both two-factor authentication and logging in by swiping your fingerprint are much safer than typing in a traditional password.
“There’s nothing to intercept, there’s nothing to steal, there’s nothing to remember, and it’s perfectly secure,” he said.
You can buy security keys that are FIDO-approved and work with Google’s Chrome browser via Amazon.