Two-step verification is still not standard practice for all password protected services but it’s becoming more popular (click here for a list of services that use two-step authentication) as users become increasingly aware of data vulnerability. Two-step or two-factor authentication usually involves a code that is sent to your mobile phone. Today, Google introduced something a little different that adds a third layer of security.
Dubbed Security Key, this is a physical form of two-step that uses a USB stick to add an additional safeguard by verifying the site you’re connected to is actually a legitimate Google service. It also avoids the problem of having to have your phone next to you, charged, and has the right SIM card inside (an issue when traveling abroad).
It only works with Chrome, so die-hard Firefox or Internet Explorer fans will have to switch if they want to make use of this new device. However, other sites and services can also take advantage because Google’s Security Key is based on the FIDO Alliance’s the Universal 2nd Factor protocol.
It’s free to use but users will have to purchase a U2F-compatible USB stick. Google’s not actually selling a new product here. Check out Amazon’s list of U2F security keys here.