The ultimate phishing-site killer: Google packages its security key as a “U disk”

Last week Google released a new security protection measure that uses a special USB security key to give users more secure data protection.

In operation, the optional security key technology needs only two extra simple steps: 1. plug the special security key into the computer's USB port; 2. press the confirm button. After that, the Chrome user receives a verification code that Google's system sends to their mobile phone or e-mail, and the user must enter the verification code to complete the whole security validation process and finally log in to the account. This two-step verification is simple and safe, and suits users with particularly demanding account security requirements.

However, users who choose the security key technology will have to buy a USB security key device, worth less than $20, from a partner supplier.

“And enter a string of code, you only need to insert the security key into the computer's USB port and press the confirm button when Chrome prompts you,” Google security product manager Nishit Shah wrote in a blog post. “When you log in to your Google account through Chrome with a security key, you don't have to worry at all that your password credentials will be intercepted by phishing.”

Google had previously launched a project to promote a universal second security factor, hereinafter referred to as U2F. The security key technology Google has launched this time is the first public attempt to use the standard since the FIDO Alliance adopted it. FIDO, full name “online fast authentication alliance”, aims to use open technologies to provide better network security services; more than 120 companies have joined the alliance, including Microsoft and Google. It is important to note that Apple has not joined FIDO. For any service that supports the FIDO Alliance's security key technology, users can use the same USB security key to log in to their accounts safely.

FIDO has expressed support for Google's product release. “There is no doubt that a new era is coming,” FIDO Alliance chairman Michael Barrett said in a statement. “We are trying to encourage users and service providers to give up authentication by a single password and switch to the more secure, more private, easy-to-use FIDO validation.”

The hardware of the security key technology, the USB security key, looks like a plastic sheet. Inside, it contains a chip that handles encryption keys and a channel that connects to the computer's USB port; the whole device costs less than $20. In addition, under the FIDO Alliance's protocol, the USB security key can be used with other applications that support the U2F security protocol. The processing chip built into the security key, commonly called a “secure element”, is a hardware component widely used in smart cards and in the secure storage and processing of encryption keys. When the key is first registered with a service provider, it generates a pair of encryption keys: the public key is sent to the provider, and the private key is stored in the user's security key. When a site is visited with a browser that supports the technology, the site asks the security key to send an encrypted reply; the security key encrypts its reply with its key, and the site decrypts it with the key it holds.

As you can see, in many ways the security key is similar to the “chip and PIN” technology that merchants and banks use to fight credit card theft.
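The registration and sign-in exchange described above, as an added Node.js example (not Google's or FIDO's code): the key creates a key pair per site, and the site checks a signature over its fresh challenge. It goes beyond the text by also signing the origin reported by the browser and a counter, as U2F does; the byte layout is simplified, and the origins and class names are constructed.

```javascript
// Added example, not Google's or FIDO's code; origins and class names are constructed.
const crypto = require('node:crypto');

// Bytes the key signs: SHA-256(origin) || 4-byte counter || challenge (simplified layout).
function signedData(origin, counter, challenge) {
  const ctr = Buffer.alloc(4);
  ctr.writeUInt32BE(counter);
  return Buffer.concat([crypto.createHash('sha256').update(origin).digest(), ctr, challenge]);
}
class SecurityKey {
  constructor() { this.keys = new Map(); this.counter = 0; } // private keys never leave
  register(origin) { // first use with a service: fresh P-256 pair, public half returned
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
    this.keys.set(origin, privateKey);
    return publicKey;
  }
  sign(origin, challenge) { // origin comes from the browser, not from the page
    const privateKey = this.keys.get(origin);
    if (!privateKey) return null;
    const counter = ++this.counter;
    return { counter, signature: crypto.sign('sha256', signedData(origin, counter, challenge), privateKey) };
  }
}
class Site {
  constructor(origin, publicKey) { Object.assign(this, { origin, publicKey, lastCounter: 0, challenge: null }); }
  newChallenge() { return (this.challenge = crypto.randomBytes(32)); }
  verify(assertion) {
    const challenge = this.challenge;
    this.challenge = null; // each challenge is accepted once
    if (!assertion || !challenge || assertion.counter <= this.lastCounter) return false;
    const data = signedData(this.origin, assertion.counter, challenge);
    const ok = crypto.verify('sha256', data, this.publicKey, assertion.signature);
    if (ok) this.lastCounter = assertion.counter;
    return ok;
  }
}

function demo() {
  const key = new SecurityKey();
  const site = new Site('https://accounts.example', key.register('https://accounts.example'));
  const lookalike = 'https://accounts-example.test';
  key.register(lookalike); // worst case: the user also enrolled on the look-alike page
  const good = key.sign(site.origin, site.newChallenge());
  const genuine = site.verify(good); // browser reported the real origin
  const phished = site.verify(key.sign(lookalike, site.newChallenge())); // relayed challenge
  site.newChallenge();
  const replayed = site.verify(good); // captured assertion reused
  return { genuine, phished, replayed };
}
console.log(demo()); // { genuine: true, phished: false, replayed: false }
```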

Jerrod Chong, vice president at Yubico, a provider of online security and password protection, said that by using the key with a browser and services that support it, almost all phishing attacks, keystroke-logging interception and man-in-the-middle attacks become impossible.

“No attacker will be able to obtain the login account information effectively,” Chong added. “If the system is damaged, the technology does not prevent data leakage. However, we must be clear: we designed it to prevent the most common attacks, phishing that cheats users over the network into doing something that damages their interests.”

Google's security key currently supports only the Chrome browser and Google's services. But Google hopes that mobile browsers and other browsers will support U2F as soon as possible, so that more and more people can use Google's two-step authentication security key service anytime and anywhere and enjoy the new era of the Internet.


