First reported on cybersecurity site Krebs on Security, it appears one of Google’s standard issue security protocols is a $20 two-factor authenticator you can buy on Amazon.
Yubico’s YubiKey plugs into a USB outlet and, once you’ve set up the proper Universal 2nd Factor (U2F) software on your computer (Google it, there’s plenty), you’ll only need to plug the YubiKey into the USB and press the small button on its face to log in. Though not immune to security breaches or other issues, this method of logging in to your computer or accounts on the web is, by several orders of magnitude, far more secure than a typed password. Note that not all browsers support U2F functionality yet — Chrome and Mozilla Firefox do, while Safari and Microsoft’s Edge do not (though Edge will support it soon-ish).
According to the same report, Google previously used another, more popular method of multifactor login and authentication — its own Google Authenticator program, which sends a one-time use code to your phone to use for logins.
“We have had no reported or confirmed account takeovers since implementing security keys at Google,” the [Google] spokesperson said. “Users might be asked to authenticate using their security key for many different apps/reasons. It all depends on the sensitivity of the app and the risk of the user at that point in time,” Krebs reported.
The YubiKey can be had for $20 on Amazon now.
