Pay Us for Our Inferior Password Solution, says Google

Google Dongle

Google Solves Your Password Problem – Only Less Secure Than They Solved it for Themselves

In this day and age, we have online accounts for EVERYTHING. We’ve got work profiles, Microsoft accounts, Google extensions, virtual banking, Amazon, Netflix, and social media apps, all of which require passwords. Now, it’s not always easy to remember every single password, and no, the solution is NOT to make every account password the same. If you’re anything like myself, you probably reset your passwords extremely often due to short-term-password-memory loss. It’s okay, because together you and I provide the IT support professionals of the world a stable income and a reason to complain to their friends. But what if this problem was solved? Well it turns out it has been, by a company called Yubico. In fact, Yubico solved the problem so well, Google adopted their product widely across its own organization. And now Google hopes to cash in on that success by creating and selling an inferior product. Right now, we can hope our constantly changing passwords make our accounts more secure, but it’s more probable that your online accounts will be compromised. “I forgot my password” buttons typically send new passwords, verification codes, or other private information to your email or cell phone, both of which can also be easily hacked. Because of this, 2-step verification (aka 2-factor-authenticaion, or 2FA) has become a much more popular security precaution in regards to Google Accounts and other online programs. In addition to entering your password, you can require verification codes via text OR use a security key that plugs into your computer, which is significantly more secure.

No Phishing Allowed

Google employees have experienced great success implementing this 2-step verification hardware, so now they are working to create their own security key with Bluetooth features. Good idea? Bad idea? ¯\_(ツ)_/¯ Either way, IT guys will still have a job telling us to turn it off and on again. None of Google’s 85,000+ employees have been successfully phished on their work accounts since early 2017, and the reason for that is? Physical security keys! Yubico, a popular maker of these keys, worked closely with Google to “extend the capabilities of the YubiKey two factor authentication technology to also include public key cryptography.” Together they created the FIDO Universal 2nd Factor standard (U2F), which basically allows Internet users to securely access online services using their plug-in key without installing drivers or device software. But now Google is making its own security key with a Bluetooth feature… even though Bluetooth just announced they were having security issues. The irony is quite literally within the technology.

How does it work?

Google’s new security key, Titan, features a button which can be plugged directly into computers or connect via Bluetooth. Due to the fact Bluetooth is having security issues on devices with Apple, Google, Broadcom, Qualcomm, and Intel, we recommend plugging the key directly into your computer. The Bluetooth aspect of the device is convenient, but almost completely ruins the point of it. However, when these 2-step authentications need to take place on cell phones or other devices without USB ports, the Bluetooth feature is necessary, but still less secure. Ultimately, this security hardware has proven to be powerful. But it’s still relying on humans to not lose, break, or damage the tiny key, and we applaud Google for thinking so highly of us. If someone were to lose their key, then the fallback is the current software authenticator. Although these security keys are able to better protect your passwords, they can’t stop you from accidentally downloading malicious files. But don’t worry about that. Just hand it over to IT support, so they can take your computer down into their cave and use sorcery to fix it, no problem!