For Extra Safety, You Can Now Access Gmail With a Physical Key
Blink and there's another headline about stolen passwords. As hacker attacks get more frequent and sophisticated, even the most secure password – not the still somehow popular 12345 – can't guarantee that your account remains secure.
Thankfully, it just got easier for you to protect your Gmail account because Google just launched support for Security Key, an open standard that allows you to access your email by inserting a physical device, most likely a USB, into the computer. You'll still need a password, of course (so that if a thief somehow makes off with your key he won't have blanket access) but this new security measure makes it virtually impossible for hackers to access your account remotely.
For users who opt into the program, the Security Key updates Google's two-step verification; instead of entering a six-digit confirmation code, typically sent via text to your phone, you will be prompted to insert the USB key before logging in.
This both solves practical annoyances -- ever try signing in to your account, but your phone isn't charged? Or travel, and don't want to rack up the roaming charges necessary to receive that confirmation text? – while beefing up your account's security. As the MIT Technology Review notes, sophisticated hackers are able to break two-factor authentication that uses confirmation codes by intercepting text messages, or hacking users' smartphones remotely. While unlikely, it's still possible.
Enable a Security Key, however, and hackers would need physical access to your USB port in order to break into your account. For high-profile, frequently-targeted individuals, this is an important distinction.
Security Key likely isn't for everyone – admittedly, there are a few annoyances. First, at least for now, the Security Key only works on Chrome. In addition, you can't use a pre-existing USB drive – instead, you'll have to purchase one that supports a FIDO authentication standard. (Numerous manufacturers are already producing these ports, which can be purchased for less than $20.)
As online attacks become increasingly commonplace, however, it's not a bad measure to consider for yourself or your business. Beginning in early 2015, companies that pay Google for email and office software will be able to have their employees use security keys to access these services, according to the MIT Technology Review.
If you don't opt to use a Security Key, definitely do enable two-step verification, the best way to protect personal accounts from getting compromised. If the celebrity-hacking scandal taught us anything, it's that two-factor authentication shouldn’t be an option, it should be a requirement.