Google launched support for Security Key, an open standard that lets you log in to an account with a physical device, usually in the form of a USB key. The device takes the place of the six-digit confirmation codes currently used by Google’s two-factor authentication. Instead of typing in the code, you’ll simply insert your USB key before logging in. A password is still required, so a thief wouldn’t be able to log in to your account just by stealing your security key. On the other hand, if your account password ended up leaking onto the web, it would be useless without the corresponding security key.
Because the Security Key is built on an open standard, there’s also no reason to think it will be limited to USB. The same architecture could be used over Bluetooth or NFC tokens, or triggered by biometric scans of a user’s fingerprint or iris. It could also be used to move beyond simple two-factor security, requiring three or four different authentications before particularly sensitive information could be accessed, although those features aren’t present in Google’s current implementation.
“There is no doubt that a new era has arrived,” said FIDO Alliance President Michael Barrett in an official statement. “We are starting to move users and providers alike beyond single-factor passwords.”