Starting today, Google started offering an extra layer of security for its users when logging into their accounts. It comes in the form of a physical USB key which can be purchased for under $20.
The USB key is based on the Universal 2nd Factor Standard (U2F), which was developed by the FIDO (Fast IDentity Online) Alliance. The key works as a second factor sign-in component and only works after verifying that the login site is indeed an authentic Google site.
Compared to the 2-step verification methods that Google offered until now (usually smartphone/cellphone-based), this new approach’s upside is that you don’t need to have access to your phone, which comes in handy especially in the case that your phone is lost or stolen. The downside of this approach is, however, that you need to have an available USB slot. This is typically not the case if you need to login from your cell phone.
As Brian Krebs notes, it’s rather remarkable that companies like Google offer much higher level of security than do most, if not all, financial institutions. Especially considering that your life often depends much more on your bank account than on your email account.
For those of you that are interested in buying one of these, you can visit the Yubikey website and purchase it for $18.