Google's 'Security Key' offers safer two-step verification

A physical security measure

Advanced attackers have found ways to circumnavigate the two-step authentication login process. Receiving text message or email codes that accompany your passwords is no longer a rock-solid security measure that is guaranteed to protect your information.

To defend against these advanced attacks, Google has launched a USB-based product designed to improve two-step verification processes. The tool, Security Key, enables users to insert a device into a USB port in order to authenticate log-ins.

Rather than receiving verification codes via text message or email, Security Key users can simply carry the device on their keychains or in their pockets and insert the tool into a USB port whenever they wish to access secure information.

Why it was built

Google says the tool is a defense against sophisticated attackers that typically infiltrate two-step verification systems by setting up lookalike sites that request log-in information from victims. Security Key, which uses cryptography instead of verification codes, is designed to work only with the websites with which it has been pre-programmed.

Because Security Key requires a USB port, users won't be able to use the tool on mobile devices. Additionally, Google has made Security Key a Chrome-only tool, so you won't be able to access sites via Firefox or Internet Explorer via Security Key.

Security Key is generally available on Amazon. Google directs users from its website to an Amazon page that lists three models ranging in price from $5.99 (about £3.70, AU$6.80) to $50 (about £31.99, AU$56.80).