Google’s approach to fusing its devices and systems with either two-factor authentication (2FA) or 2-Step Verification (2SV) has been combative. Still, the tech company remains relentless with making its security system the most authentic introducing a physical USB-like security key that is likely to serve multiple purposes.
The Search Giant intends to channel its security key to protect account sign-ins on its web browser, but securing the entire Android device seems on point. While Google focuses this technology on its services, it can solely serve as a key that unlocks mobile security.
Google expects its users to enrol for two-factor authentication or 2-Step Verification — it’s a simplified process of unlocking your accounts whereby after inputting your login details, Google requires you to confirm your login attempt via 2FA or 2SV.
There is a different approach to activate either 2FA or 2SV — you can access Google’s security services by your phone security key set-up — a long-pressing on the volume button that activates this feature.
You can also oblige to Google’s prompt message that notifies users whenever you are active on any of its services such as Gmail, Drive, Google app, etc. And attempting to sign in on another device — You’ll be required to click “yes” which opts you in for Google 2FA or 2SV security service which proves proximity.
The USB-C security key to confirm a sign-in appears to be rigid than using 2FA or 2SV via notification — the security key requires users to manually configure the passcode before attempting to sign in. While the 2FA/2SV notification is similar to a Bluetooth-like security key that is only accessible based on the proximity of the devices.
Google intends to use Chrome as another means to authenticate 2FA/2SV for android apps. For context, when you attempt to sign in to any of your Google accounts on another device, a notification prompt with the usual “Are you trying to sign in?” short message — another window pops up with clickable “Yes or No” buttons.
It is worth noting the footnote of the security page, Google alerts states that “Someone is trying to sign in to your account from a nearby device.” After click yes, another page pops up that requires you to connect to your device — an animated verification process that rotates. It is similar to the mobile security authentication process.
Although this security seems a little bit complex than the previous 2FA notification that seemed ordinary. Still, you don’t need to open your Chrome browser to authenticate 2FA/2SV security. This verification process is automated whereby when you open the multitasking window on your device, you will notice the security page is a sub-Chrome window.
According to Google’s blog post “Enable use of phones that are signed in to the same account, with Sync enabled, to be used as 2nd-factor security keys. – Mac, Windows, Linux, Chrome OS, Android — chrome://flags/#enable-web-authentication-cable-v2-support.”
Note that this service is still under development — with caBLE (cloud-assisted Bluetooth Low Energy), the Search Giant uses Chrome flag requirement that involves accessing the same account, you are also required to enable sync for Chrome.