Earlier today, Google announced on its blog an extra layer of security for Google Accounts based on FIDO U2F support added to the Chrome browser, the first public deployment of FIDO U2F protocols and a major step in increasing Internet security.
Starting today, the Security Key by Yubico with its FIDO U2F support lets users securely login to Google Accounts and any number of service providers who have or will adopt the FIDO U2F protocol. FIDO U2F is an emerging open authentication standards initiative with strong support from more than 120 end-user and vendor companies in the FIDO Alliance.
"This news can’t be overstated for anyone who desires better protection against hackers; whether consumers, security professionals, Internet privacy advocates, or the millions of global YubiKey users who appreciate its ‘one touch’ strong authentication and ease-of-use," said Stina Ehrensvard, CEO and Founder, Yubico, Inc. "Having a leading Internet browser adopt FIDO U2F signals the arrival of new and stronger options for authentication and security."
The new FIDO U2F Security Key is a specially designed YubiKey that relies on high-security, public-key cryptography. Durable, conveniently sized, and blue in color, all it takes to authenticate is to touch the button on the key after it has been inserted into a USB port. With the FIDO U2F Security Key, there are no drivers, no client software, no middleware, and no traditional and costly certificate authority (CA) model.
Each FIDO U2F Security Key has a secure element, powered by NXP, which performs cryptographic functions triggered by a simple touch of the key. This isn’t a biometric device, instead it uses a capacitive sensor activated by the small amount of electricity the human body naturally produces.
Once touched, the FIDO U2F Security Key provides a unique public and private key pair for each application it protects. Only those keys can correctly complete the cryptographic challenge required for authentication and a successful login.