Keeping Tech Simple and Easy

Rick Delgado

Subscribe to Rick Delgado: eMailAlertsEmail Alerts
Get Rick Delgado: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Blog Post

Security Key and Chrome: The Next Generation of Security? [#Cloud]

The goal of the FIDO Alliance is to make online security verification safer, more secure, and more convenient than ever before

As 2015 kicks off and people try to learn from the lessons of 2014, one issue remains at the top of most of their minds: security. Whether it was the account infiltration that lead to photo leaks from Apple's iCloud, the Sony hacks that revealed emails and other sensitive information from the studio, or major breaches at companies that compromised customer data, it was nearly impossible to escape the serious consequences of security failures. With such a critical issue affecting companies and individuals alike, it's no surprise that new methods and technologies were developed to help improve security. One of these new technologies gaining more mainstream attention is a special USB device from the FIDO (Fast Identity Online) Alliance used with the Google Chrome browser. The new Security Key represents a notable upgrade compared to other security efforts and could in fact be the first of a new generation of security devices.

The goal of the FIDO Alliance is to make online security verification safer, more secure, and more convenient than ever before, and the new Security Key is definitely a step in that direction. In fact, it's the ease with which people can use it which will likely lead to growing popularity. Here's basically how it works: when accessing a Google Account website, instead of putting in a password, the user would instead insert the USB Security Key into the computer. Then when prompted, the user would only need to press a button on the drive, and just like that, the user now has access to the site. It's quite easy and effective, and the increased security is a major benefit for both businesses and individuals alike.

Many web providers, cloud vendors, online businesses, and others have tried to use better security techniques to improve the network security of their sites while also making things safer for the consumer. One such technique that's been in use for several years is two-factor authentication. This method works by having users input a memorized password, then receiving a verification code on a separate device (usually a smartphone or tablet) that they then input. For obvious reasons, this approach is more secure and ensures users need more than just a password before accessing a sensitive account. Security Key takes this approach one step further by utilizing a USB drive in place of a verification code. Each device has a component that can hold and process encryption keys. This element has many uses, one of the most important being the ability to verify and validate whether the website the user is currently on is a genuine website and not one crafted by cyber criminals. Security Key can receive and reply to encrypted challenges from Google Chrome, allowing users to know the websites they are visiting are legitimate. In this way, Security Key can prove instrumental in preventing phishing attacks.

Beyond phishing, FIDO's Security Key can also prevent other leaks and failures most often occurring when passwords are lost and stolen. The device helps users by making it so they no longer have to memorize a large number of passwords, something that's been increasingly difficult the more online accounts are used. Security Key's easy-to-use nature and more secure technology is also just one part of a much larger effort to set better standards for online authentication by making it more difficult for attackers to steal valuable data. The technology used in Security Key is of the same type as chip-and-PIN tech used more and more by banks and retailers, which goes a long way toward an overall more secure environment.

While Security Key has lots of potential and is more convenient than the normal two-factor authentication process, there are some drawbacks all potential users should consider. Since a full-size USB port is required as of now, Security Key cannot be used for smartphones and tablets, which usually only have mini-USB ports. This could make it a less attractive security option for businesses, especially with the growth of BYOD policies. Security Key is also only available for Google Chrome for now, though the number of compatible browsers will likely increase in the future. And though each Security Key USB drive is relatively cheap (usually less than $20), it still costs money, whereas two-factor authentication is free. It all comes down to whether the user or business believes the added security is worth the extra investment.

With so much concern revolving around security, the release and spread of FIDO's Security Key is a welcome development. It by no means solves all security problems, but it's a cheap, convenient, and effective way to enhance security and keep cyber attackers at bay. Security Key can be seen as taking easy security solutions to the next level, one that will likely become a common sight as more organizations focus on improving cyber security.

More Stories By Rick Delgado

“I’ve been blessed to have a successful career and have recently taken a step back to pursue my passion of writing. I’ve started doing freelance writing and I love to write about new technologies and how it can help us and our planet.” – Rick DelGado (@ricknotdelgado)