Google’s 2-Step Verification Now Supports FIDO “Universal 2nd Factor” Open Standard

Status
Not open for further replies.

ChronosVRdS

Distinguished
Oct 21, 2014
"USB keys are probably not going to become mainstream": I disagree. The YubiKey NEO is a USB key and NFC enabled, kind of a 2-in-1 solution; it works with your PC and mobile! No battery, better protection, less bulky, and way cheaper than a smartwatch!
 
When your fingerprint becomes data or your voiceprint becomes data, it can be hacked. Hacking it will simply require going after different data.
That's why something like a USB key can work. Designed properly, it doesn't rely on data. It relies on an algorithm which can't be read over the USB connection.

You hard-code a private key into the USB stick's hardware. You design it so there is no way to access this private key over the USB connection, and trying to access it directly destroys the circuitry. Only data can be sent to and read from the USB connection - all computations are handled within the USB stick's hardware.

Google then encrypts a data packet containing a challenge using its private key and the USB stick's public key. It transmits that data packet to your computer, which sends it to the USB stick. The USB stick decrypts it using its private key and Google's public key. It is now able to read the challenge.

Your computer then generates the appropriate response (e.g. you type in your Gmail password), and encrypts it with its private key and Google's public key. That encrypted data is transmitted back to Google, which decrypts it using its private key and the USB stick's public key.

If the decrypted data contains the correct response to the challenge, then Google has confirmed that the actual physical USB stick they sent the challenge to was in fact the one which sent the response.
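Added example, not part of the posts above and not FIDO, Google or Yubico code: a Go sketch of the challenge-response idea the post describes, with the private key confined to the token. It uses an ECDSA P-256 signature over the challenge, the primitive FIDO U2F uses, instead of the encrypt/decrypt exchange in the post; the names `Token`, `NewChallenge` and `Verify` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Token models the hardware key: priv is unexported, so callers can only request signatures.
type Token struct{ priv *ecdsa.PrivateKey }

func NewToken() (*Token, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Token{priv: k}, nil
}

// Public returns the only key material that leaves the token; the server stores it at registration.
func (t *Token) Public() *ecdsa.PublicKey { return &t.priv.PublicKey }

// Sign runs "inside" the token: the challenge goes in, a signature comes out.
func (t *Token) Sign(challenge []byte) ([]byte, error) {
	d := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, t.priv, d[:])
}

// NewChallenge is the server side: a fresh random value per login attempt.
func NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify is the server side: check the response against the registered public key.
func Verify(pub *ecdsa.PublicKey, challenge, sig []byte) bool {
	d := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

func main() { // errors ignored here for brevity; constructed demo values only
	tok, _ := NewToken()
	c1, _ := NewChallenge()
	c2, _ := NewChallenge()
	sig, _ := tok.Sign(c1)
	fmt.Println("fresh:", Verify(tok.Public(), c1, sig), "replayed:", Verify(tok.Public(), c2, sig))
}
```

A response captured for one challenge fails against the next one, which is why the server must issue a new random challenge for every login.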