Google Two-Factor Authentication
By: Alexandra Ferguson
Google has now publicly launched support for Security Key, the world’s first deployment of fast identity online universal second factor (FIDO U2F) authentication. In addition, Google Chrome became the first web browser to implement support for FIDO Alliance authentication standards in an effort to transition away from the typical single password method for consumer security.
This USB device replaces the six-digit confirmation codes currently used by Google’s two-factor authentication. A user would insert the USB key into their physical device while logging into gmail, and apply light pressure on the sensor to generate a one-time password to gain access to their mail service. A password is still required to complete in the login process, but the password would be useless without the corresponding security key. This conforms to the multi-factor authentication approach by using a knowledge and possession factor to gain access.
This methodology is seen as a good middle ground between the ineffectiveness of passwords and the expensive specialization of biometrics. Biometric authentication has been widely regarded as the most foolproof security implementation, as it is difficult to forge personal recognitions such as fingerprint, retinal, and palm scans.
Having experience utilizing all three major authentication methods, I see two-factor authentication as the most accessible and employable method here at JBKnowledge and all companies world-wide. The act of storing a biometric scan is unappealing to some and very expensive to employ and passwords, while cheap, are easy to gain access to and users tend to write more complex passwords down. The benefits of two-factor authentication outweigh the costs are the price of disallowing vulnerability is priceless.