Google has recently announced that it will be launching its own security key called the Titan Security Key. It will come in both USB and Bluetooth versions and will be available by the end of the summer in Google’s online store.
As Multi-factor authentication provides an extra layer of security by using more than one method of authorizing and authenticating a user. Therefore, in order to log in to an account, users will not only need their passwords but another (or more) token to login. Common examples are One Time Passwords and Security Questions.
In the case of a Physical Security Key, this second factor is actually stored inside a physical device hence if a user wants to log in, not only he/she enters the password, the physical key must also be connected to the device being used to log in. Only if both (password and security key) of them is present (and correct), the users get logged in.
These keys come in many forms like a USB stick or a Bluetooth fob that the users have to connect to their device when they try logging in. Besides this, Security keys would also be able to warn the user if they were visiting a phishing website.
These prevent phishing just like any other multi-factor authentication i.e. even if an attacker manages to guess/gain the password via phishing or brute-forcing, he won’t be able to login to the account just by using the password and in the case of a physical key, obtaining both the factors would be extremely difficult for a malicious actor.
Ankush Johar, Director at Infosec Ventures, an investor in EmailAuth.io and HumanFirewall.io, a comprehensive Anti-Phishing suite of products comments, “Physical security authentication is one of the most potent ways to stop phishing attacks. Not the most convenient or user-friendly, but inevitable if the security of an email account is critical. This is a ‘must have’ for all ‘high value’, ‘high priority’ users in any large organisation, the security of those accounts is crucial to the security of the organisation. Humans are the weakest link in cybersecurity and this is an important method of ensuring protection.”