Slashdot Mirror


Google Adds USB Security Keys To 2-Factor Authentication Options

An anonymous reader writes with this excerpt from VentureBeat: Google today announced it is beefing up its two-step verification feature with Security Key, a physical USB second factor that only works after verifying the login site is truly a Google website. The feature is available in Chrome: Instead of typing in a code, you can simply insert Security Key into your computer's USB port and tap it when prompted by Google's browser. "When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished," Google promises. While Security Key works with Google Accounts at no charge, you'll need to go out and buy a compatible USB device directly from a Universal 2nd Factor (U2F) participating vendor.


  1. Dongle Bells! by CWCheese · · Score: 2

    I wonder if I can go dig out one of my old C=64 application dongles to use... of course it will be disconcerting if I hear the read/write heads slamming against the side of my disk drives

    --
    Have a Day!
    1. Re: Dongle Bells! by Anonymous Coward · · Score: 1

      Dongle bells, dongle bells, dongle all the way. Oh what fun it is to ride in the google headed sleigh

    2. Re:Dongle Bells! by __aaclcg7560 · · Score: 1

      Not many PCs have 9-pin joystick ports.

    3. Re:Dongle Bells! by Charliemopps · · Score: 1

      Not many PCs have 9-pin joystick ports.

      You mean a serial port? I bet yours does and you didn't even know it.
      And if it doesn't? http://www.amazon.com/USB-9-pi...

    4. Re:Dongle Bells! by __aaclcg7560 · · Score: 3, Informative

      You mean a serial port? I bet yours does and you didn't even know it.

      The OP mentioned Commodore 64 dongles that typically plugged into the 9-pin joystick ports, which were compatible with the Atari 2600 joysticks. The 9-pin connector for the joystick ports was also used for serial ports on the PC, although I think that came later as 25-pin serial connectors were still common on modems in the early 1980's. Early PCs had a 15-pin game port on the old SoundBlaster cards. Don't recall if anyone made a 9-pin to 15-pin adapter to plug in the old Atari 2600 joysticks.

      And if it doesn't?

      None of my PCs have serial ports on them. I had to get a USB serial adapter to be able to console into my Cisco rack.

    5. Re:Dongle Bells! by Anonymous Coward · · Score: 0

      No, he meant a joystick port. As in the Atari 2600 standard digital four direction plus one button, not the PC fifteen pin analog port. The same nine pin port was also present on the C=64 and other eight bit computers of the day.

      Now you can get off my lawn. :)

    6. Re:Dongle Bells! by __aaclcg7560 · · Score: 1

      As in the Atari 2600 standard digital four direction plus one button, not the PC fifteen pin analog port.

      The Atari 2600 joystick was analog with five switches (one for fire and four for eight directions). If the joystick got pressed north/east/south/west, the corresponding switch got turned on. If the joystick got pressed elsewhere, say, northwest, two switches got turned on.

    7. Re:Dongle Bells! by Anonymous Coward · · Score: 0

      >analog with 5 switches
      isn't that digital?

      I remember the first PC joysticks being analog and always needing to be calibrated. And you had to exercise it a bit before calibration or it would drift during gameplay. (some games had in-game re-calibration it was so bad)

      seriously, get off my lawn.

    8. Re:Dongle Bells! by __aaclcg7560 · · Score: 1

      Surprise, surprise, surprise. Looks like the Atari joysticks were digital after all.

    9. Re:Dongle Bells! by Anonymous Coward · · Score: 1

      The newer models come with a mini-USB type-B port just for console purposes. Perhaps it's time to upgrade.
      - Your Cisco sales rep

    10. Re:Dongle Bells! by sexconker · · Score: 1

      You mean a serial port? I bet yours does and you didn't even know it.

      The OP mentioned Commodore 64 dongles that typically plugged into the 9-pin joystick ports, which were compatible with the Atari 2600 joysticks. The 9-pin connector for the joystick ports were also used for serial ports on the PC, although I think that came later as 25-pin serial connectors were still common on modems in the early 1980's. Early PCs had a 15-pin game port on the old SoundBlaster cards. Don't recall if anyone made a 9-pin to 15-pin adapter to plug in the old Atari 2600 joysticks.

      And if it doesn't?

      None of my PCs have serial ports on them. I had to get a USB serial adapter to be able to console into my Cisco rack.

      Your PCs probably have everything but the physical port for a serial port. You can buy the connector and slap it on if you give a shit, then cut a hole in the i/o shield (or your case) for it.

    11. Re:Dongle Bells! by __aaclcg7560 · · Score: 1

      If you're studying for the entry-level Cisco certifications, you can use older routers and switches in your hardware lab. These require a rolled cable for the console.

    12. Re:Dongle Bells! by __aaclcg7560 · · Score: 1

      Your PCs probably have everything but the physical port for a serial port. You can buy the connector and slap it on if you give a shit, then cut a hole in the i/o shield (or your case) for it.

      Actually, they don't. I got extra headers for USB (Universal SERIAL Bus) on my motherboards. Serial ports are so old school these days.

    13. Re:Dongle Bells! by Marxist+Hacker+42 · · Score: 1

      Not for my last 6 computers have I seen a 9 pin serial port.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    14. Re:Dongle Bells! by Marxist+Hacker+42 · · Score: 1

      I remember, back in the early 80s, some friends and I pooled our allowance, bought an Atari joystick, then tried to make an adapter for the 9-pin Apple IIe joystick connector- not realizing the reason the Apple joysticks were so damn expensive was because they were analog.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
    15. Re:Dongle Bells! by Anonymous Coward · · Score: 0

      And yet the last three PCs I've built in the last couple years still have them, without even trying. And a computer I am assembling right now has one that I needed, because some old devices don't work on a USB->Serial adapter (they often give only 5 V instead of 12 V), and I didn't have to change motherboard selection to find it. ~75% of the off the shelf computers at my job still have them, even new ones. Quite a few still come with them, sometimes as a header on the motherboard though.

    16. Re:Dongle Bells! by TangoMargarine · · Score: 1

      You mean a serial port? I bet yours does and you didn't even know it.

      Considering that when I was looking at desktops back in 2007, even, I only ran across one that did, I'd take that bet.

      --
      Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
    17. Re:Dongle Bells! by __aaclcg7560 · · Score: 1

      By any chance do your motherboards have PS/2 connectors for keyboard and mouse? Mine don't.

    18. Re:Dongle Bells! by Anonymous Coward · · Score: 0

      creimer is not the OP. He's just a commenter.
      Google Adds USB Security Keys To 2-Factor Authentication Options
      timothy

      Tim is the OP. Tim mentions nothing about Commodore 64's.

  2. USB Device Recommendation by Anonymous Coward · · Score: 0

    So, what is a good USB device for this? Any recommendations?

    1. Re:USB Device Recommendation by TWX · · Score: 4, Funny

      So, what is a good USB device for this?

      Probably one whose controller firmware hasn't been compromised...

      --
      Do not look into laser with remaining eye.
    2. Re:USB Device Recommendation by Midnight_Falcon · · Score: 2

      If you read TFA, you'll see YubiCo is offering a new device and their NEO devices are compatible with FIDO U2F. Unfortunately, the standard YubiKey and YubiKey Nano do not support U2F.

    3. Re:USB Device Recommendation by allquixotic · · Score: 3, Informative

      I have a Yubikey NEO. The U2F device they're selling now is the same form factor so I would assume it will work. It's a hardy little device -- it frequently clanks up against my other keys, but it still works in both USB and NFC modes. Not sure if the U2F model supports NFC, though. You'd have to check.

      Still, good build quality. And there's no battery; the unit has no moving parts (completely discrete); so they can be expected to last a very long time. Basically the limiting factor is how much damage you will accidentally do to the physical housing of the chip and/or the USB connector by dragging it with you everywhere. So far that amount is "0" for mine as far as I can detect.

    4. Re: USB Device Recommendation by Anonymous Coward · · Score: 3, Insightful

      Why would that be significant? Two-factor auth doesn't save you from an untrusted terminal, and you'd sooner run into malware than compromised firmware.

      Christ on a cracker I hope nobody thinks you can plug this hardware into an untrusted software system and expect security.

    5. Re: USB Device Recommendation by Anonymous Coward · · Score: 1

      Of course that's what people are going to think. You plug in this secure thing and now you're secure. Why use it if it didn't make you secure?

    6. Re:USB Device Recommendation by Saithe · · Score: 2

      I just bought a NEO-N, that little tiny device will be nice to have and it also supports NFC. Both NEO support NFC.

    7. Re:USB Device Recommendation by rthille · · Score: 1

      Note that you need a new NEO, and you (for good security reasons) can't update the firmware on your old NEO to do FIDO U2F.
      Or at least I couldn't get mine to work, and AFAICT from reading their announcements that's the case.

      --
      Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
    8. Re: USB Device Recommendation by ewibble · · Score: 2

      It actually could, well much more than the current system, given a couple things.

      1. The hardware does a challenge response, that way the private key is never given to the untrusted hardware/software system. Ok, the untrusted system could log in once, but only once.
      2. The USB key doesn't allow the firmware to be reprogrammed (https://srlabs.de/badusb/).
      3. There is no other way than physically pressing the USB key to activate the challenge response each time.
      4. Do not allow a session to remain open indefinitely, especially if the same dongle is used to log in from somewhere else.

      I have been saying for years that this mechanism would be great for credit cards, and a password replacement. Of course you could still have passwords, but this mechanism would be fine for me without them.

      You could log in to any site with this: if the system used private/public key encryption, simply give the site your public key, and use it to log in by encrypting the challenge with your private key. Now if you ever use a password on a website you may as well consider it compromised.

      You could have multiple USB keys, if you wanted. You could even allow them to change the private key as long as there was a physical block on writing the key, a switch or something.

    9. Re:USB Device Recommendation by Anonymous Coward · · Score: 0

      Where'd you see that the NEO-N supports NFC? On their official comparison page only the NEO supports NFC.

      https://www.yubico.com/products/yubikey-hardware/

    10. Re: USB Device Recommendation by csirac · · Score: 1

      I actually can't tell if you're being sarcastic... but you've just described U2F. Whilst YubiKeys and other vendors do challenge/response, I think FIDO usage is typically one-time-pad mode. All other items are addressed (you can set a PIN to protect config and firmware updates, or finalize so it can't be changed ever again).

  3. Where is the NFC 2-factor? by DigitAl56K · · Score: 4, Interesting

    Let me know when they start selling cheap NFC dongles so we can just tap our phone on them to login. I'm sure our company would buy a bunch. 2-factor makes logging in to conference systems a pain in the ass - everyone is always looking to the guy who doesn't use 2-factor to login already. I don't see how fumbling around with USB sticks is much better.

    1. Re:Where is the NFC 2-factor? by Anonymous Coward · · Score: 1
    2. Re:Where is the NFC 2-factor? by swillden · · Score: 4, Interesting

      I don't see how fumbling around with USB sticks is much better.

      I use a YubiKey NEO-n. It's a tiny device, only extends from the USB port by a millimeter or so... just enough that you can touch it to activate it. I just leave it plugged into my laptop all the time, so there's no "fumbling with USB sticks", I just run my finger along the side of the laptop until it hits the key. It's extremely convenient.

      There's an obvious downside of leaving the key plugged into your laptop, of course. If someone steals your laptop they have your key. However, in order to make use of it they have to have (or guess) your password as well, so it's really only a risk if someone is specifically targeting you, in which case they could also steal your phone. Well, it's also a problem if you use a particularly lousy password, and if you don't notice that the laptop/key are gone soon enough that you can disable the key before the attacker guesses your password.

      FWIW, Google switched to using security keys for corporate account authentication a while ago. Google's security operations team determined that the risk of theft of a security key is actually lower in practice than the risk that an employee's phone-based OTP might be phished. I would have thought that Google employees were too smart to be phished... but I suppose resistance to phishing attacks is as much about social intelligence as anything else, and Google hires a lot of socially inept people.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:Where is the NFC 2-factor? by DigitAl56K · · Score: 2

      I don't see how fumbling around with USB sticks is much better.

      I use a YubiKey NEO-n. It's a tiny device, only extends from the USB port by a millimeter or so... just enough that you can touch it to activate it. I just leave it plugged into my laptop all the time, so there's no "fumbling with USB sticks", I just run my finger along the side of the laptop until it hits the key. It's extremely convenient.

      That's okay for you on your laptop. When you go to a conference room with e.g. a PC set up for conference calls, and someone needs to log in to pull up the hangout, it's a different story (don't even get me started on Chromebox for Meetings...).

      Here, having a little dongle sitting in the middle of the desk connected to the main system via USB would provide an easy option to provide at least the 2nd factor auth, without anyone typing in codes or plugging in additional devices. Lots of people walk into a conference room with their phone in hand as it is.

    4. Re:Where is the NFC 2-factor? by Anonymous Coward · · Score: 0

      $60 bucks? No fucking way.

    5. Re:Where is the NFC 2-factor? by swillden · · Score: 3, Interesting

      That's okay for you on your laptop. When you go to a conference room with a e.g. a PC set up for conference calls, and someone needs to log in to pull up the hangout, it's a different story

      The proper solution for that problem is for the conference room PC to have its own account, which is invited to the hangout, rather than logging in with some individual's account. From a security perspective, having a device that lots of people log into is a bad idea; it's an ideal target for compromise, regardless of whether or not you use 2FA.

      FWIW (not much, I suppose, since it's not generally available), the way this works at Google is that conference rooms have their own accounts and calendars. Rooms are added to meetings in a manner very similar to adding guests. Each conference room PC has a small, connected tablet computer sitting on the table that shows the room's upcoming meetings. You tap the one you want and the room joins that hangout. If someone needs to present something from their computer they just join the meeting from their computer, generally with a different URL that only shares their screen and doesn't use their camera, microphone or speakers (or they can join the hangout normally, mute their speakers, disable their mic and then go into presentation mode). All of this also works for people without Google accounts; if they're invited to a meeting they get a URL that connects them to the hangout, and they can present if needed.

      It's very slick. IMO, Google should package the solution and sell it, because it's far and away the best VC system I've seen.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Where is the NFC 2-factor? by swillden · · Score: 1

      $60 bucks? No fucking way.

      These are devices that have really only been used for enterprise security. Low volume plus low price sensitivity equals high price. As use of security keys becomes more widespread, across more enterprises and businesses, and even to consumers, that will change.

      There are other devices available now, including one that is $6. None of the others are as small as the NEO-n, so you'd have to "fumble for USB sticks" rather than leaving them plugged in all the time... but said "fumbling" really isn't that bad. Put it on your key ring, shove it in when needed.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    7. Re:Where is the NFC 2-factor? by DigitAl56K · · Score: 1

      The proper solution for that problem is for the conference room PC to have its own account, which is invited to the hangout, rather than logging in with some individual's account. From a security perspective, having a device that lots of people log into is a bad idea; it's an ideal target for compromise, regardless of whether or not you use 2FA.

      I'm aware of "the proper solution" from an administrative perspective, and maybe what you suggest does work at Google. However, there is a vast difference between a company the size of Google and, say, a startup where people just "take" rooms as needed, or you have to find a free room for something at short notice, and moving the conference from one room to another in a hurry becomes a pain. As I say, I've "experienced" the Chromebox for Meetings in the startup setting, and I'm sure it would be great _if_ you're a larger company, but it was "unpleasant" shall we say for me - in fact, you could tell it was not designed to handle exceptions very easily.

      Google should recognize that there are many smaller companies than large ones and provide a convenient solution.

    8. Re:Where is the NFC 2-factor? by swillden · · Score: 1

      Can you elaborate on what the problems are? You described having a PC in each room... so I don't see what's difficult about uninviting one and inviting another when moving. As for the other things you mentioned... do you think there's no need at Google to find a free room at short notice, or move hurriedly from one room to another? Actually, of late at Google in Mountain View there is no finding a room at short notice or moving hurriedly... because if you didn't grab that room days in advance it's just not available. But the buildings haven't always been so overcrowded and soon won't be again.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    9. Re:Where is the NFC 2-factor? by swillden · · Score: 1

      Oh, and BTW, thanks for the mention of Chromebox. I had to go look it up. I didn't realize Google was selling it.

      I wonder if I could get one for my home office...

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    10. Re:Where is the NFC 2-factor? by Anonymous Coward · · Score: 0

      Have you tried Tiqr?

      It does what you want without NFC.

    11. Re:Where is the NFC 2-factor? by SeaFox · · Score: 1

      I don't see how fumbling around with USB sticks is much better.

      I use a YubiKey NEO-n. It's a tiny device, only extends from the USB port by a millimeter or so... just enough that you can touch it to activate it. I just leave it plugged into my laptop all the time, so there's no "fumbling with USB sticks", I just run my finger along the side of the laptop until it hits the key. It's extremely convenient.

      Doesn't leaving the device plugged into your laptop all the time defeat the purpose of two-factor authentication? If someone steals your laptop they have your key now, same as if you left your one-time pad as a text document on the desktop.

    12. Re:Where is the NFC 2-factor? by Anonymous Coward · · Score: 0

      If he left a sticky note with his username and password attached to the laptop with the key also installed then it would defeat the purpose of two-factor authentication. Otherwise the two factors are still kept separate. In fact it could be argued that keeping it installed in the laptop is better. You are more likely to quickly notice your laptop is missing than a small device attached to your keyring or lanyard.

    13. Re:Where is the NFC 2-factor? by swillden · · Score: 1

      I don't see how fumbling around with USB sticks is much better.

      I use a YubiKey NEO-n. It's a tiny device, only extends from the USB port by a millimeter or so... just enough that you can touch it to activate it. I just leave it plugged into my laptop all the time, so there's no "fumbling with USB sticks", I just run my finger along the side of the laptop until it hits the key. It's extremely convenient.

      Doesn't leaving the device plugged into your laptop all the time defeat the purpose of two-factor authentication? If someone steals your laptop they have your key now, same as if you left your one-time pad as a text document on the desktop.

      I addressed this in the paragraph below the one you quoted, and a bit more in the paragraph after that.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    14. Re:Where is the NFC 2-factor? by DigitAl56K · · Score: 1

      Can you elaborate on what the problems are? You described having a PC in each room... so I don't see what's difficult about uninviting one and inviting another when moving.

      Sure. Imagine it's a recurring meeting that someone else owns, or a short-term meeting where you're not the owner and the owner is late or doesn't have their laptop with them, etc. How are you going to change the invitation list? You can't, and neither can anyone else on remote teams, so you're screwed until someone goes and creates a new meeting and re-invites everyone, then hope the Chromebox picks that up fast enough, or at all, because technically the meeting has already started. Oh, and then also hope that nobody else has already booked the room you want to use, but simply hasn't showed up.

      These are just some of the real problems I've found.

    15. Re:Where is the NFC 2-factor? by swillden · · Score: 1

      The ownership thing can be mildly obnoxious. It's fairly standard practice at Google to click the checkbox to allow all attendees to edit a meeting. Even without that, though, it's always possible to make the change on your own copy; no one else will see the change if they look, but you can add someone (or a room), and the meeting will be added to the appropriate person/room calendar. Maybe Google Calendar works a little differently externally... I wouldn't think that part would be different.

      Doesn't the Chromebox offer you the ability to type in a meeting name? That's another option on the internal system. We just go to the other room and manually enter the meeting name. Actually this was a problem a couple of years ago, but refreshes have gotten fast enough I haven't had to do that for a while, except when no one added a Hangout to begin with and we just have to make one up on the fly. Then we pick a name send it to everyone via chat or whatever, and type it into the room controller.

      As for getting the other room booked, that's easy. Just make a calendar appointment and put the room on it. Fast.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  4. How does it secure against spoofing? by Opportunist · · Score: 5, Insightful

    What keeps me (or my malware, respectively) from opening a google page in the background (i.e. not visible to the user by not rendering it but making Chrome consider it "open") and fool the dongle into recognizing it and the user into pressing the a-ok button?

    A machine that is compromised is no longer your machine. If you want two factor, use two channels. There is no way to secure a single channel with two factors sensibly.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:How does it secure against spoofing? by Anonymous Coward · · Score: 0

      What keeps me (or my malware, respectively) from opening a google page in the background (i.e. not visible to the user by not rendering it but making Chrome consider it "open") and fool the dongle into recognizing it and the user into pressing the a-ok button?

      A machine that is compromised is no longer your machine. If you want two factor, use two channels. There is no way to secure a single channel with two factors sensibly.

      What does that give you? You have malware that can already fake the browser into opening a page, what's to keep it from doing screen captures/key logging, network monitoring, and sending that info back to the C&C node?

      You'll gain session login information, but it's not going to be useful for logging in somewhere else (either via another site or to Google again once you log out) because each time you press the a-ok button, a different sequence of characters is generated.

    2. Re:How does it secure against spoofing? by Junta · · Score: 1

      Sure, that will get malware authenticated for that session. Realistically speaking, if the end device is compromised to the degree of having malicious intervening software, there's little that may practically be done. However, 'keylogging' does much less in this case. It can intercept the one time credential that was sent, but that credential is useless beyond that session.

      Compare that to the common state of the art where not only can malware run amok with the authenticated session, it can also report up the login credentials for the adversary to use at will.

      Now I will say I'd just as soon use TOTP with a pin appearing on my cell phone than a dongle. I suppose some people can't be bothered to type a 6 digit number in 60 seconds.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    3. Re:How does it secure against spoofing? by Charliemopps · · Score: 1

      I don't think it works that way.
      The dongle has a key.
      The site has a key.
      depending on how this authentication is setup (I can't be bothered to check):
      Both sides send each other a challenge, which combined with the time is calculated and sent. (i.e. try it at 5pm and you'll get a different answer than 10am)

      Both results have to match as well as the users username and password.
      So, for an attack to be successful, they'd have to breach the Dongle, the website and the user. At that point it's kind of irrelevant what security measures you took. I suspect that, if you had the opportunity to steal the user's USB dongle, you could have taken their cellphone as well.

      Security that's so painful no-one uses it, is worthless. Security that makes small sacrifices technically to achieve broad adoption is a good thing. Google could make you drive out to California and sign a document stating you really are you in front of a notary. But no one would do that, and it would still be vulnerable to the same groups that could break this Dongle scheme.

    4. Re:How does it secure against spoofing? by Gr8Apes · · Score: 2

      I was thinking this was more a leave it plugged in dongle, so Google has guaranteed tracking of all you do. After all, why would Google do anything if it doesn't add to the bottom line?

      --
      The cesspool just got a check and balance.
    5. Re:How does it secure against spoofing? by Anonymous Coward · · Score: 0

      They are adding to their bottom line.
      They have stated that their next Android will be encrypted by default.
      They are likely doing this new two factor thing in order to say, "See? We aren't sharing things with the gov like the Snowden docs say we are."
      They are also likely doing this to say, "See? We are more secure than that other email service that you are using."

    6. Re:How does it secure against spoofing? by Anonymous Coward · · Score: 0

      What keeps me (or my malware, respectively) from opening a google page in the background (i.e. not visible to the user by not rendering it but making Chrome consider it "open") and fool the dongle into recognizing it and the user into pressing the a-ok button?

      The credentials generated by the security key are tied to the URL that the web browser sent it. So pushing the button for the "accounts.google.com.ottogi.co.kr" tab will produce login credentials that can't be used with accounts.google.com. This is what makes it better than OTP. However, it's still vulnerable to having the local machine hacked, or having your DNS spoofed.

    7. Re:How does it secure against spoofing? by Charliemopps · · Score: 1

      They are adding to their bottom line.
      They have stated that their next Android will be encrypted by default.
      They are likely doing this new two factor thing in order to say, "See? We aren't sharing things with the gov like the Snowden docs say we are."
      They are also likely doing this to say, "See? We are more secure than that other email service that you are using."

      ...and they've also likely consulted with their lawyers and know what the inevitable SCOTUS decision will be. They have a very limited amount of time to demonstrate that they are not complicit in all of this and try to squeak out from under what could be potentially ruinous for their business model. If SCOTUS is overly broad in their ruling it could destroy Google/Facebook overnight.

    8. Re:How does it secure against spoofing? by Anonymous Coward · · Score: 0

      The dongle doesn't have anything to do with Google? It's made by a third party and is based on a standard, U2F, created by a bunch of companies.

      Google is only accepting it in Chrome, so there's that.

    9. Re:How does it secure against spoofing? by Anonymous Coward · · Score: 0

      how do you fool the user into pressing the button?

    10. Re:How does it secure against spoofing? by Anonymous Coward · · Score: 0

      I wish the IBM ZTIC project got more mature. Last time I recall, it required specific drivers, which made it a PITA to use.

      However, the concept is nice. A secure device that is used on a different channel with end to end encryption and that not just works for authentication... but confirms things, be it a password change, change of data, displaying financial transactions and asking to proceed, etc.

      My idea:

      Since 3G radios and antennas are so inexpensive, and they don't really need a phone plan, why not base a device that uses a channel on top of that with end to end encryption that isn't relying on the common SSL key infrastructure? This would go a long way to protecting a user, even if their computer is compromised.

    11. Re:How does it secure against spoofing? by Anonymous Coward · · Score: 0

      I was thinking this was more a leave it plugged in dongle, so Google has guaranteed tracking of all you do. After all, why would Google do anything if it doesn't add to the bottom line?

      There's no need to speculate, Google doesn't make the security keys, and the protocol is public. The way it's designed actually offers some pretty strong privacy guarantees, the spec even calls it out explicitly "If this origin check was not present, a public key and Key Handle issued by a U2F device could be used as a 'supercookie' which allows multiple colluding sites to strongly verify and correlate a particular user's identity." (overview, section 4). There is one case the security keys can leak information though. If a website suspects that two users are really one person, and that person is using the same security key for both accounts, the website could see a login attempt for user "bruce.wayne" and instead of sending the blob for bruce.wayne's key to decrypt, send the blob for "batman"'s security key to decrypt. Since it's the same security key decryption will be successful, and the website learns that someone with batman's security key also typed in the username and password for user bruce.wayne.

      As for Google's motives, you'll have to ask Google.
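The origin binding discussed in this comment and in the earlier one about the look-alike domain, as a runnable model; this is an added example, not code from the thread or from the FIDO specification. To stay on the Python standard library it substitutes an HMAC key shared with the relying party for U2F's ECDSA P-256 key pair and uses a constructed key-handle scheme; what it demonstrates is the order of checks: the browser, not the page, supplies the origin, the key refuses key handles minted for another app id, the server rejects assertions naming another origin, and the counter must advance.

```python
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

class SecurityKey:  # the USB token; its master secret never leaves the device
    def __init__(self):
        self._secret = secrets.token_bytes(32)
        self._counter = 0  # monotonic counter included in every assertion

    def _derive(self, label, app_id_hash, nonce):
        return hmac.new(self._secret, label + app_id_hash + nonce, hashlib.sha256).digest()

    def register(self, app_id_hash):
        # MAC over the app id: the device later refuses handles minted for another site
        nonce = secrets.token_bytes(16)
        handle = nonce + self._derive(b"handle", app_id_hash, nonce)[:16]
        return handle, self._derive(b"appkey", app_id_hash, nonce)

    def authenticate(self, app_id_hash, key_handle, client_data_hash):
        nonce, mac = key_handle[:16], key_handle[16:]
        if not hmac.compare_digest(mac, self._derive(b"handle", app_id_hash, nonce)[:16]):
            raise ValueError("key handle was not issued for this app id")
        self._counter += 1
        counter = self._counter.to_bytes(4, "big")
        # U2F signs: app-id hash || user-presence byte || counter || client-data hash
        signed = app_id_hash + b"\x01" + counter + client_data_hash
        return counter, hmac.new(self._derive(b"appkey", app_id_hash, nonce), signed, hashlib.sha256).digest()

class Browser:  # the client (Chrome's plugin): it, not the page, fills in the origin
    def __init__(self, origin, enforce_facets=True):
        self.origin = origin
        self.enforce_facets = enforce_facets  # False models a buggy, lenient client

    def get_assertion(self, key, app_id, key_handle, challenge):
        if self.enforce_facets and urlparse(app_id).hostname != urlparse(self.origin).hostname:
            raise ValueError("page may not use an app id belonging to another origin")
        client_data = json.dumps({"typ": "navigator.id.getAssertion", "challenge": challenge,
                                  "origin": self.origin}, sort_keys=True).encode()
        counter, sig = key.authenticate(hashlib.sha256(app_id.encode()).digest(), key_handle,
                                        hashlib.sha256(client_data).digest())
        return client_data, counter, sig

class RelyingParty:  # the server side (accounts.google.com in the thread)
    def __init__(self, app_id):
        self.app_id, self.app_id_hash = app_id, hashlib.sha256(app_id.encode()).digest()
        self.users = {}    # username -> [key_handle, app_key, last_counter]
        self.pending = {}  # username -> outstanding challenge

    def enroll(self, username, key):
        handle, app_key = key.register(self.app_id_hash)
        self.users[username] = [handle, app_key, 0]
        return handle

    def challenge(self, username):
        self.pending[username] = secrets.token_urlsafe(32)
        return self.pending[username]

    def verify(self, username, client_data, counter, sig):
        _, app_key, last = self.users[username]
        data = json.loads(client_data)
        if data.get("origin") != self.app_id:
            return False  # signed for another origin: a phishing page sat in the middle
        if data.get("challenge") != self.pending.pop(username, None):
            return False  # unknown, stale or already-consumed challenge
        signed = self.app_id_hash + b"\x01" + counter + hashlib.sha256(client_data).digest()
        if not hmac.compare_digest(sig, hmac.new(app_key, signed, hashlib.sha256).digest()):
            return False
        n = int.from_bytes(counter, "big")
        if n <= last:
            return False  # counter did not advance: replayed assertion or cloned key
        self.users[username][2] = n
        return True

def attempt(browser, key, app_id, handle, challenge):
    try:  # outcome as seen by the page: the key either signs or refuses
        return browser.get_assertion(key, app_id, handle, challenge) and "signed"
    except ValueError:
        return "refused"

def run_scenarios():  # constructed walk-through of the cases discussed in the thread
    google, key, out = RelyingParty("https://accounts.google.com"), SecurityKey(), {}
    handle = google.enroll("bruce.wayne", key)
    out["genuine"] = google.verify("bruce.wayne", *Browser(google.app_id).get_assertion(
        key, google.app_id, handle, google.challenge("bruce.wayne")))
    phish = Browser("https://accounts.google.com.ottogi.co.kr")  # look-alike domain from the thread
    c = google.challenge("bruce.wayne")
    out["phish_facet"] = attempt(phish, key, google.app_id, handle, c)  # browser refuses
    out["phish_server"] = google.verify("bruce.wayne", *Browser(phish.origin, enforce_facets=False)
                                        .get_assertion(key, google.app_id, handle, c))
    assertion = Browser(google.app_id).get_assertion(key, google.app_id, handle, google.challenge("bruce.wayne"))
    google.verify("bruce.wayne", *assertion)
    out["replay"] = google.verify("bruce.wayne", *assertion)  # challenge already consumed
    other = "https://example.org"  # a second site that somehow obtained Google's key handle
    out["cross_site"] = attempt(Browser(other), key, other, handle, "x")
    return out

if __name__ == "__main__":
    print(run_scenarios())
```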

    12. Re:How does it secure against spoofing? by swillden · · Score: 2

      What keeps me (or my malware, respectively) from opening a google page in the background (i.e. not visible to the user by not rendering it but making Chrome consider it "open") and fool the dongle into recognizing it and the user into pressing the a-ok button?

      For one thing, if the tab with the malware-loaded page isn't on top, Chrome won't allow it to talk to the dongle. If there is some way to render a page that is not visible to the user but which Chrome considers sufficiently "open", that's a Chrome bug which should be fixed.

      A machine that is compromised is no longer your machine. If you want two factor, use two channels. There is no way to secure a single channel with two factors sensibly.

      You should have stopped after the first sentence, because two channels doesn't help. If the machine you're using is compromised, it's no longer your machine, period. This is true regardless of the authentication method being used. That said, some authentication methods are susceptible to replay attacks... if I can compromise your machine and grab your credentials then I can log in as you from my machine. Security keys make that sort of attack very difficult, much harder than, for example, an out-of-band one-time-password. In that case, I just have to make sure I use the one-time password before you do, grabbing and submitting it before you click "Go". With a cryptographic challenge response protocol performed by a security key that's more difficult, because a secure channel is established between the authentication server (at Google) and the security key. It's still not impossible, but it's much harder.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    13. Re:How does it secure against spoofing? by sexconker · · Score: 1

      What does that give you? You have malware that can already fake the browser into opening a page, what's to keep it from doing screen captures/key logging, network monitoring, and sending that info back to the C&C node?

      You'll gain session login information, but it's not going to be useful for logging in somewhere else (either via another site or to Google again once you log out) because each time you press the a-ok button, a different sequence of characters is generated.

      Wrong.
      You get a different set of characters every X seconds, not each time you press the button. On the authentication end, there's a rolling window of time it will accept button presses for. This window is not perfectly aligned with your generation window (and can't be, as clocks skew). This window is larger than your generation window. For most implementations, at any given time there are multiple strings that will be considered valid.

      With this you can do things like set a time offset for each user. When they log in and you find their clock is 6 seconds behind yours, you can correct for that before it becomes 10 seconds, which may be outside the overlap. You can also do things like change your password to a temporary one, tell your friend your temporary password and the output of the key, have them log in on their computer, then immediately change your password back. This is how people shared the StarCraft II beta, for example. Blizzard now has an additional layer on account settings changes - you have to input the authenticator code, wait, and then input the next authenticator code.

      This windowing system is a fundamental necessity as you have to give people time to type shit in, for their browsers to send shit back and forth, for your own servers to process shit, and to allow for clock skew. The windowing system can be used by an active attacker (either pwing the box or acting as a MITM) to get authenticated as the user. This is why some banking / stock sites make you input a code for every transaction.

      2-factor authentication sent over a single channel only prevents you from attackers who harvest credentials and sell/use them later. An active attacker can use that shit immediately, while it's still valid. An active attacker can fool the user into giving them more valid credentials when needed by popping up a bogus security dialog asking them to hit the button and type in the key to confirm their free $10 gift card reward or to keep their session from timing out or whatever.
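The time-window acceptance scheme described above, implemented for an RFC 6238 style code with the per-user clock-offset correction and the "each code only once" rule the comment mentions; this is an added example, not code from the thread, and the RFC 6238 test secret and test times are the constructed inputs.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, as in RFC 6238

def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, code % 10 ** digits)

def totp(secret, now):
    """The code a time-based token shows at wall-clock time `now` (epoch seconds)."""
    return hotp(secret, int(now // STEP))

class Verifier:
    """Server side: accepts codes from a window of steps around its own clock,
    learns each user's token skew, and never accepts the same step twice."""

    def __init__(self, secret, window=1):
        self.secret = secret
        self.window = window  # steps accepted either side of the expected one
        self.offset = 0       # learned skew of this user's token, in steps
        self.last_step = -1   # highest step already consumed

    def verify(self, code, now):
        expected = int(now // STEP) + self.offset
        for delta in range(-self.window, self.window + 1):
            step = expected + delta
            if step <= self.last_step:
                continue  # that code (or an older one) was already used
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.offset += delta  # re-centre on the token's clock for next time
                self.last_step = step
                return True
        return False

def run_scenarios(secret=b"12345678901234567890"):
    """Constructed walk-through using the RFC 6238 test secret and a test time."""
    v, out = Verifier(secret), {}
    now = 1111111111                                  # server clock
    out["in_sync"] = v.verify(totp(secret, now), now)
    out["reuse"] = v.verify(totp(secret, now), now)   # same code submitted again
    now += 300                                        # token 20 s behind (one step here)
    out["20s_behind"] = v.verify(totp(secret, now - 20), now)
    out["offset"] = v.offset                          # skew learned: -1 step
    now += 300
    out["still_20s_behind"] = v.verify(totp(secret, now - 20), now)
    out["offset_after"] = v.offset                    # stable, no further correction
    now += 600                                        # token 95 s behind: outside window
    out["too_far"] = v.verify(totp(secret, now - 95), now)
    return out

if __name__ == "__main__":
    print(run_scenarios())
```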

    14. Re:How does it secure against spoofing? by Opportunist · · Score: 1

      Technically, "real" two factor authentication, with two different channels involved, requires an attacker to infect and hijack BOTH channels if he doesn't want the victim to notice it.

      As an example, take what many banks did with text message as confirmation for orders. You place the order on your computer, then you get a text message to your cell phone stating what the order is and a confirmation code you should enter in your computer if the order you get as confirmation on your cellphone is correct. That way an attacker would have to manipulate both, browser output on the computer and text messages on the phone, to successfully attack the user.

      In other words, it does of course not avoid the infection. It makes a successful attack just much harder and a detection of the attack (with the ability to avoid damage) much more likely.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    15. Re:How does it secure against spoofing? by Opportunist · · Score: 1

      The system you describe has been implemented often. Most often I've seen it with online games and the like where the main threat is the use of credentials by a malicious third party (i.e. some account hijacker stealing username and password, logging into your account and doing nefarious things with it). For that, you don't need a dongle. You need two synchronized devices that output the same (usually numeric) key at the same time. Basically you get the same if you take a timestamp, sign it using PKI and have the other side verify it. If you have two synchronized clocks, transmitting the signature (or its hash) suffices. That doesn't really require plugging anything anywhere, although it probably gets a lot easier and faster to use if you don't have to type in some numbers and instead have a USB key transmit it at the push of a button.

      But that's no silver bullet. All it does is verify that whoever sits in front of the computer is supposedly who they claim to be and entitled to do what they're doing. It does NOT verify what is being sent, or that the content being sent is actually what this user wanted to send.

      If anything, it protects Google rather than the user. Because all that system does is making whatever is done by the user of the account non repudiable. Because whatever is done, it MUST have been you. Nobody else could have done it, nobody else has your dongle.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    16. Re:How does it secure against spoofing? by Opportunist · · Score: 1

      By promising him dancing pigs if he just presses it for me...

      Seriously, don't overengineer it. You'll only hate yourself for investing too much brain power when you learn that all it took was the promise of cute kittens of bouncing boobs.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    17. Re:How does it secure against spoofing? by Opportunist · · Score: 1

      Ok, using what frequency? As far as I'm aware the whole spectrum that could be used by 3G is owned by some telcos and considering just how expensive using those freqs is they will hardly be so nice to let you use them for a little bit. They'll want to see money for that!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    18. Re:How does it secure against spoofing? by Opportunist · · Score: 1

      The second channel will not secure a compromised channel, but it will make it easier to detect it.

      There are various defenses against replay attacks, most of them relying on keys being tied to the current time and only being valid NOW but neither before nor after. But that is only good against a replay, it is quite useless when the attacker is manipulating your own communication. That has been the staple of attacks against banking software since the advent of the OTPs, and the only sensible defense against that is actually a two channel communication. Out of band one way transmission (i.e. sending a OTP to the customer to use in the transaction) doesn't help here.

      There is very little you can do to combat malware infections unless you are willing to use a second channel. At some point in the communication the data is vulnerable to modification, no matter how well you try to shield it. It resides in memory, unencrypted, at some point in time. And if nothing else, this is where it will be manipulated.

      And it's heaps easier to do if the interface used is a browser. You can literally pick and choose just where you want to mess with the data.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    19. Re:How does it secure against spoofing? by swillden · · Score: 1

      The second channel will not secure a compromised channel, but it will make it easier to detect it.

      Oh, you're talking about a completely separate channel, with no joining to the primary channel? That creates its own set of problems... when the user authorizes a login, how do we bind that authorization to the login the user is attempting, rather than a login from some other location? Without a join (e.g. entering OTP from second channel into primary channel, or vice versa), the attacker just has to figure out when the user is logging in, and beat them.

      There is very little you can do to combat malware infections unless you are willing to use a second channel.

      I maintain that a second channel doesn't really help, either as defense or for detection, and you haven't suggested any way that it might.

      At some point in the communication the data is vulnerable to modification, no matter how well you try to shield it. It resides in memory, unencrypted, at some point in time.

      In the case of a security key no, it does not. Not in the memory of the PC. The PC and browser are merely a conduit for an authentication process that occurs between security key and server. It's actually pretty reasonable to characterize this as a second, virtual channel. It's MITM-resistant; an attacker can block the messages but can't fake, modify or replay them without failing the auth. It is also bound to the primary channel, though that binding is admittedly dependent on the PC being uncompromised. But if the PC is compromised to the level that the attacker can cause the auth plugin to lie to the security key then there is no hope of achieving any security. A separate channel definitely wouldn't help.

      And it's heaps easier to do if the interface used is a browser.

      Sure. But the goal is to create as much security as possible within the context of what people actually use. Theorizing about some completely different approach that no one would use is entertaining but pointless.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    20. Re:How does it secure against spoofing? by Junta · · Score: 1

      Well, two factor doesn't mandate two channels (for example a door access system that requires both a badge and a keycode is also two factor), but yes, two distinct devices needing to be hijacked is better. However, in your example that's not assured either. If the mobile device is used to access the website then it's still one device. There's no guarantee that the user used a different device to access the web and process the text message. It's at the discretion of the user to take care of their circumstances appropriately.

      Ultimately, the point I was trying to make is that this is an improvement over the usual state of things and should not be discouraged just because it isn't perfect. This aspect of security is trying to find the right balance between 'secure' and 'friendly'. It's easy to be secure if you don't care how hard it is to use, but making two-factor authentication as the norm for authentication has thus far eluded us due to acceptance issues, rather than technical failings. We have dozens of viable two-factor authentication approaches, just none that most people would tolerate.

      --
      XML is like violence. If it doesn't solve the problem, use more.
    21. Re:How does it secure against spoofing? by Gr8Apes · · Score: 1

      It's in Chrome which already tracks everything you do, and now, with the dongle, it's guaranteed to probably be you. You wouldn't leave your dongle, err, password out for everyone to use, now would you?

      --
      The cesspool just got a check and balance.
    22. Re:How does it secure against spoofing? by Gr8Apes · · Score: 1

      I'm not sure what SCOTUS decision or case you're referring to. That aside, the next Android being encrypted was an obvious response to Apple's encryption announcement, a "me too" thing. The 2FA dongle tied into Chrome seems like a nice way to almost guarantee that a specific user is browsing the web at that time.

      --
      The cesspool just got a check and balance.
    23. Re:How does it secure against spoofing? by Opportunist · · Score: 1

      No, there is no guarantee that the user will not use a mobile phone to access his online banking (and the idiocy of some banks pushing out mobile apps for online banking doesn't actually improve security in that area either).

      You can't make the user secure. You can only offer it to him and hope that he's intelligent enough to accept it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    24. Re:How does it secure against spoofing? by Junta · · Score: 1

      idiocy of some banks pushing out mobile apps for online banking

      Though that pales in comparison to having the secret number to take as much of your money as someone wants printed in plain on paper checks or stamped into a little piece of plastic that you share with anyone that you give money. If a mobile banking app would help me spend money in a more secure fashion at vendors, I'd gladly take it over a credit card to swipe. It could actually be substantially more secure than chip and pin in some ways (e.g. the account holder fully controls the input and display device and can communicate with the financial institution without going through vendor-provided equipment).

      --
      XML is like violence. If it doesn't solve the problem, use more.
    25. Re:How does it secure against spoofing? by Anonymous Coward · · Score: 0

      Yes, guaranteed tracking of "you" everywhere. On our way to an "Internet License". Your age will be tied to the key so it will protect you from bad things until you are 18, etc.

    26. Re: How does it secure against spoofing? by Anonymous Coward · · Score: 0

      There's another one baked more fundamentally into the protocol. The thrilling "Application isolation through facet identification" allows the administrators of example.com to use the same identity on all the URLs specified in e.g. https://example.com/app-identity. Therefore, simply by requesting the user to authenticate twice, the accounts on the colluding sites can be strongly linked. If the challenge is only released after the user types their password, as is suggested, perhaps that is not such an issue.

  5. problem by micahraleigh · · Score: 1

    How will the government help us correctly understand politics if they can't read our email?

    1. Re:problem by Archangel+Michael · · Score: 1

      What makes you think our government gives a shit about anything other than grabbing more power? Besides, they'll just lose the email in an unfortunate chain of hard drive crashes, and the firing of the email archive company.

      --
      Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    2. Re:problem by fahrbot-bot · · Score: 1

      What makes you think our government gives a shit about anything other than grabbing more power?

      I'm not sure that sentiment makes sense - or ever has. The Government already has *all* the power, should it wish to exercise it. They make, interpret and enforce (or not) all the rules. All it takes is good people not doing anything to stop bad people.

      For example, the Supreme Court recently decided that Freedom of Speech overrides any argument for a buffer zone around abortion clinics (and, I believe, other places), but strictly enforces a buffer zone around the steps of the Supreme Court.

      --
      It must have been something you assimilated. . . .
    3. Re:problem by fibonacci8 · · Score: 1

      The solution is a referendum declaring the Supreme Court is an abortion clinic, problem solved.

      --
      Inheritance is the sincerest form of nepotism.
    4. Re:problem by ewibble · · Score: 1

      The Government already has *all* the power, should it wish to exercise it.

      Not true, it does have a lot, but only to the point that people don't rebel against it. The trick is to make the people happy enough so they don't rebel while getting as much power as possible. Monitoring everyone greatly increases this power since you can squash dissidents (opponents to your power) much sooner; you can do this by labeling them the bogeyman of the time (currently terrorist) and imprison them for as long as you like without trial, or just assassinate them of course.

      The scary thing is, I think they will do it believing that they are doing it for the common good. Your beliefs are obviously right, and your opponents are wrong; they wouldn't be your beliefs if you didn't consider your beliefs right. You wouldn't want someone in power that you think would do the wrong thing, would you?

    5. Re:problem by micahraleigh · · Score: 1

      Well, the IRS has helped some tea party organizations understand they have incorrect political views.

      According to Eric Snowden, the NSA has been happy to help their significant others (and potential significant others) by keeping an eye on them.

      Some government offices in Ohio helped us learn more about Joe the Plumber's tax history (since he has incorrect political views).

      So you see, the government has lots of time to help. And what will they do with all this time if they can't read our emails?

  6. BadUSB exploit catalyst by ktilford · · Score: 2

    Good way to spread BadUSB exploits.

    1. Re:BadUSB exploit catalyst by The+Cisco+Kid · · Score: 1

      I'd venture a guess that a SECURITY KEY is not vulnerable to such a thing.

  7. Backdoor? by Anonymous Coward · · Score: 0

    When I bought a YubiKey NEO more than a year ago I was disappointed to find out that due to new regulations each device had been updated to have a serial number that was also appended to/part of every transaction. I inferred that to be a back door. Is this still the case? Is this new version truly my key, or is it Yubico's key also, that can be stolen?

    The announcement was again very fluffy, hoping someone else does the footwork to see if this is truly viable to secure my kingdom...

  8. However.... by Anonymous Coward · · Score: 0

    It still doesn't protect you against someone who steals the USB key, or uses duress to obtain it from you. Perhaps a 3-step system could be designed. Step 1: Have login/password. Step 2: USB key. Step 3: Huge, muscular guy with a lead pipe and/or gun.

  9. Yeah, but... by Anonymous Coward · · Score: 0

    It's fucking Google. You don't need security because you CAN'T have security with them.

    Privacy and security are impossible to attain when you're making use of the services of a company whose purpose is to gather all the data it can about you by any fucking means possible.

  10. FIDO 2 Factor by dac56 · · Score: 2

    Does anyone know if LastPass USB dongles qualify?

    1. Re:FIDO 2 Factor by Anonymous Coward · · Score: 0

      The neo and neo-n work.

  11. Yet another Chrome-only technology by Anonymous Coward · · Score: 0

    It's really sad to see Google turning inwards like this. What happened to working towards open standards for such things?

    1. Re:Yet another Chrome-only technology by Minwee · · Score: 4, Funny

      It's really sad to see Google turning inwards like this. What happened to working towards open standards for such things?

      Too true. Couldn't they have used an open standard like FIDO's U2F instead of using proprietary technology like...

      Wait, what was your objection again?

  12. Too bad google's own search doesn't turn up any by The+Cisco+Kid · · Score: 1

    where to buy one from.

    "Your search - FIDO U2F Security Key -amazon - did not match any shopping results"

    1. Re:Too bad google's own search doesn't turn up any by jeffmflanagan · · Score: 2

      Inexpensive one: http://www.amazon.com/dp/B00NL...
      More expensive one with additional functionality http://www.amazon.com/dp/B00LX...

    2. Re:Too bad google's own search doesn't turn up any by Anonymous Coward · · Score: 0

      Why are you eliminating amazon from the search with "-amazon"?

    3. Re:Too bad google's own search doesn't turn up any by The+Cisco+Kid · · Score: 1

      Your search left off the necessary -"amazon.com".

      Amazon's order process is broken in a manner which precludes me from ordering anything from them.

    4. Re:Too bad google's own search doesn't turn up any by The+Cisco+Kid · · Score: 1

      Oddly, while it still does not find any security keys, that same search now gives me two results - one for a pet door, and another for a pet carrier. I doubt either of those is compatible with google's authentication system.

      If something is ONLY available through amazon, it's not available.

  13. I can't wait... by Anonymous Coward · · Score: 0

    I can't wait for Mozilla to create a version of this that's actually trustworthy and works well outside of Google's ecosystem. That way the purpose isn't just to help Google know more about me under the guise of "helping protect me". I also can't wait for nobody to adopt it because it's not fully compatible with the Google or Apple ecosystems.

  14. The way banks do it by DrYak · · Score: 3, Informative

    The way some banks do it is that the authentication asker (a 2F-protected service provider) sends a signed/encrypted message that the security token decodes/verifies/displays. That message can't be tampered with (cryptography).

    So the token will display the message (something like "Authentication required to access GMail.com").
    So if an attacker tries to intercept your credentials by opening an actual Google page in the background, you'll notice that what the thing pretends to be on screen and what the dongle registers as an asker aren't the same.

    The way to fool the user would be to actually look like the page you're trying to spoof. So an attacker needs to look like GMail, so the user thinks he's on Gmail, whereas actually it's a malware page masquerading as it and relaying security tokens from the real Gmail.

    Now the way that banks counteract that is that any critical action (payment, etc.) needs to be confirmed again by the security token system. So the theoretical man-in-the-middle can't inject a payment of 10'000$ to his Cayman Islands account, because every payment needs to be confirmed again, and the bank will issue a confirmation message regarding the transaction.
    You'll notice if, when paying a phone bill, the confirmation message instead says 10'000$ for the Cayman Islands.

    Overall, it works as if the security token were its very own separate device, designed to work over a non-reliable, non-trusted channel.

    (The device doesn't implement a full TCP/IP stack. Most example devices accept only:
    - a string of characters as input (i.e.: you need to type the last five digits of the account you need to send funds to. The bank will notice when you type the digits of your utility company, but the man-in-the-middle has tried to inject a Cayman Islands account from your browser).
    - a 2D flashing barcode to automate string input.
    - for the craziest solution: writing a string to a file on a flash disk; this flash disk is shared with the security token's microcontroller.
    Each time, the attack surface is very small. Only a short string of data is passed. You can't get many exploitable bugs.

    For the output, only a string again:
    - that you read from the token's screen and type in.
    - that the token can type on your behalf, communicating with a HID chip on the same device.
    - the token can send it to a flash device that makes it visible inside a file.
    Again, the security token itself is limited to sending just a string. Very small attack surface. All the funny "stuff" is implemented outside, and thus there is very low risk of remote exploitability.)

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
  15. Smart Cards? by Mr+44 · · Score: 1

    Why not use standard smartcards with client-side SSL certs for this? There's already a widely used cross-platform, cross-browser, hardware/software standard to do exactly this!

    1. Re:Smart Cards? by polpot78 · · Score: 2
      I was just wondering about the same. The benefit of smart cards (preferably USB dongles) is that there is actually an x509 or PKCS#12 certificate on them. This means that one can use encryption as security. Use cases for smart cards:
      1. SSH
      2. OpenVPN or StrongSwan
      3. Encryption of harddrive
      4. SSL client certificate for web-browsing

      The dongles also lock themselves up if I type the wrong PIN too many times.

    2. Re:Smart Cards? by Anonymous Coward · · Score: 0

      Simple. Nobody has a smart card reader. Even companies like Lenovo aren't including readers anymore because Thin! Thin! Thin!. However, almost everybody still has a USB port. (Although I have a Marx token in my pocket - it is a smart card and reader built into something smaller than most USB memory keys - and something like that could work as long as the trust path to the certificate and appropriate Smart Card middleware was on the machine).

    3. Re:Smart Cards? by Anonymous Coward · · Score: 0

      Most end-user consumer grade computers don't have a smart card reader.

    4. Re: Smart Cards? by Anonymous Coward · · Score: 1

      FIDO U2F was supposed to use a public-private key auth system along with a JavaScript API. Looks like they chumped out and fell back on HOTP.

      The SSL peer cert is a non-starter because neither the client nor server software ecosystem is set up to make it easy to manage that (who here even knows how to get the peer cert from their server stack? Or if you can do it without hacking the server framework? My stack can, but I wrote my entire server stack from the ground up, including massive Lua bindings to OpenSSL and my own asynchronous SSL sockets library.). The JavaScript API would have been a huge step forward, and they would have also ditched PKCS for a simpler USB protocol.

    5. Re:Smart Cards? by toonces33 · · Score: 2

      That's true, but there is nothing stopping a USB dongle from using x509 or PKCS#12. Typically any card or token that is also capable of being used for Windows login has these capabilities.

      I haven't found enough about this new thing to say how they work yet. The *implication* from Yubikey is that you need a "NEO" version for U2F, and it *sounds* like at least some of these capabilities may be present on that token. I will probably end up ordering one just for grins and giggles, and from there I should be able to query the thing and see whether it really supports x509 and/or PKCS#12.

  16. Man In The Browser Attack by icknay · · Score: 3, Interesting
    It's great that Google is trying to advance this. The attack to worry about is "Man In the Browser" MITB http://en.wikipedia.org/wiki/M...

    MITB is the difficult case, and the way that bank accounts get emptied. The bad guy has malware on the victim computer, and the malware puts up web pages, and of course it can just lie about the url bar. So then the bad guy puts up the fake bank web site, and the victim types in the 2-factor code or whatever, and now the bad guy has it. Obviously Google knows about the MITB case. Does this thing have some sort of MITB mitigation? I'm guessing it does something. Hey Google, what do you say?

    The classical solution to MITB is that the little key has its own display, so it can show "Confirm transfer $4500 to account 3456" - showing the correct info to the "victim" even if their laptop is compromised. Basically, keeping the usb key itself from getting malware is feasible, while keeping the laptop or whatever clean is not.
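The what-you-see-is-what-you-sign confirmation that this comment and DrYak's bank-token comment above describe, as a runnable model: the bank authenticates the message the token displays, and the code the token produces is bound to exactly that message. This is an added example, not code from the thread or from any bank; the per-customer key shared with the token, the transaction fields and the account numbers are constructed.

```python
import hashlib
import hmac
import json

def confirmation_code(key, body, digits=6):
    """Code the token emits for one exact message body (a short MAC, decimalised)."""
    mac = hmac.new(key, b"confirm:" + body, hashlib.sha256).digest()
    return "%0*d" % (digits, int.from_bytes(mac[:4], "big") % 10 ** digits)

class Bank:
    """Bank side: authenticates what the token must display, later checks the code."""

    def __init__(self, token_key):
        self._key = token_key  # per-customer secret shared with the token at issue

    def confirmation_request(self, tx):
        body = json.dumps(tx, sort_keys=True).encode()
        tag = hmac.new(self._key, b"display:" + body, hashlib.sha256).hexdigest()
        return body + b"|" + tag.encode()  # travels through the (untrusted) browser

    def accept(self, tx, code):
        body = json.dumps(tx, sort_keys=True).encode()
        return hmac.compare_digest(code, confirmation_code(self._key, body))

class Token:
    """Display token: verifies the bank's tag, shows the message, then emits a code
    bound to exactly what was shown. It never signs a message that failed the check."""

    def __init__(self, key):
        self._key = key

    def show(self, blob):
        body, _, tag = blob.rpartition(b"|")
        expected = hmac.new(self._key, b"display:" + body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag.decode(), expected):
            raise ValueError("message did not come from the bank")
        tx = json.loads(body)
        return "Pay %s %s to account ...%s" % (tx["amount"], tx["currency"], tx["to"][-4:])

    def confirm(self, blob):
        self.show(blob)  # re-run the check so tampered blobs never get a code
        return confirmation_code(self._key, blob.rpartition(b"|")[0])

def run_scenarios():
    """Constructed walk-through of the phone bill vs. diverted payment from the thread."""
    key = b"constructed-per-customer-secret"
    bank, token = Bank(key), Token(key)
    phone_bill = {"amount": "45.00", "currency": "CHF", "to": "CH930076201562", "ref": "phone"}
    blob = bank.confirmation_request(phone_bill)
    out = {"display": token.show(blob)}
    code = token.confirm(blob)
    out["legit"] = bank.accept(phone_bill, code)
    # A man-in-the-browser rewrites the order after the user submitted the form.
    diverted = dict(phone_bill, amount="10000.00", to="KY-CONSTRUCTED-DEMO")
    out["reused_code"] = bank.accept(diverted, code)  # code is bound to the phone bill
    # If it also edits the bank's message on its way to the token, the token refuses it.
    try:
        token.show(blob.replace(b"45.00", b"10000.00"))
        out["forged"] = "shown"
    except ValueError:
        out["forged"] = "refused"
    # If the bank really received the diverted order, the token's screen reveals it.
    out["diverted_display"] = token.show(bank.confirmation_request(diverted))
    return out

if __name__ == "__main__":
    print(run_scenarios())
```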

    1. Re:Man In The Browser Attack by icknay · · Score: 1

      Well I watched some low-content video, and it mentions the MITM case (I called it MITB, but whatever). However, there was zero actual information. I guess one way it could work is that the key and google.com have a shared secret, and this is used to bring up a channel between google and the key, and that channel can be secure even if the bad guy controls the browser. But then how is the browser UI resistant against the MITB attack, since obviously the browser is running outside of the key, and outside the key-google secure channel. I'm quite curious what they've done there. Hey Google -- let's have the reassuring video for the normals. But put in 10 more hours to publish the 2 page whitepaper on how this thing actually works against MITB for the slashdot/hackernews folks please.

    2. Re:Man In The Browser Attack by Chalnoth · · Score: 1

      The security key won't respond if it doesn't receive the right message from the website. Some detail here: http://fidoalliance.org/specs/... (See section 6, page 11)

    3. Re:Man In The Browser Attack by robmv · · Score: 1
    4. Re:Man In The Browser Attack by Barlo_Mung_42 · · Score: 1

      I think Bank of America tries to solve this by having an Account Image that you are supposed to recognize before entering your particulars. The MITB would need to know which image to show me as well as pop up what looks like a real sign in screen.

    5. Re:Man In The Browser Attack by icknay · · Score: 1

      Ah, thanks. From a quick read of the doc, it is focused on the MITM case. My read of the quote below is that the MITB case is, in fact, not solved. +1 for being honest and transparent. Still, it's progress for one common class of attacks (like, say, your government feeding you a fake gmail page). It would probably be better in their docs if they used the "MITB" terminology (hey, it has its own wikipedia page!) to be super clear about what is and is not solved. Ultimately, the MITB solution dongle will probably need a little display on it, as outlined above.

      9. Client Malware Interactions with U2F Devices

      As long as U2F devices can be accessed directly from user space on the client OS, it is possible for malware to create a keypair using a fake origin and exercise the U2F device. The U2F device will not be able to distinguish 'good' client software from 'bad' client software. On a similar note, it is possible for malware to relay requests from Client machine #1 to a U2F device attached to client machine #2 if the malware is running on both machines. This is conceptually no different from a shared communication channel between the Client machine (in this case #1) and the U2F device (which happens to be on machine #2). It is not in scope to protect against this situation. Protection against malware becomes more possible if the U2F client is built into the OS system layer as opposed to running in user space. The OS can obtain exclusive access to U2F devices and enforce methods to ensure origin matches.

    6. Re:Man In The Browser Attack by Anonymous Coward · · Score: 0

      The purpose of those images is to keep you from locking other people's accounts with invalid login attempts if you fat finger your username. A MITM can retrieve your security image by passing your username to the bank, so it provides no security on that front.

    7. Re:Man In The Browser Attack by Anonymous Coward · · Score: 0

      Please mod parent up for actually doing his homework.

    8. Re: Man In The Browser Attack by Anonymous Coward · · Score: 0

      A man in the browser can just go and fetch the correct challenge from the service provider. In that threat model there are only two benefits: the long-term key on the token is never presented to the machine, and authentication events can only happen when the user presses the button on the device (although the protocol allows sites not to require this as an option).
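
      The origin binding that the replies above (Chalnoth's pointer to section 6, the quoted section 9, and the "fetch the correct challenge" comment) are arguing about, as an added toy model in Go. This is editor-written example code, not Google's or the FIDO Alliance's implementation: the token's key handle is a constructed hash rather than a wrapped key, the signature counter is fixed, and the relying party compares the origin to the app ID by string equality instead of the spec's facet rules. What it does reproduce is the signed payload, SHA-256(appID) || user-presence flag || counter || SHA-256(clientData), which is why a signature obtained under one origin cannot be replayed to another, and why software that can hand the device the right app ID (the section 9 case) gets a signature the relying party cannot distinguish from an honest one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// ClientData is the JSON the browser builds for the token: the challenge the
// relying party issued and the origin the browser actually saw.
type ClientData struct {
	Typ       string `json:"typ"`
	Challenge string `json:"challenge"`
	Origin    string `json:"origin"`
}

type registration struct {
	appID string
	priv  *ecdsa.PrivateKey
}

// Token is a toy U2F device: one key pair per registration, each bound to the
// app ID it was created for and looked up by key handle.
type Token struct{ regs map[string]registration }

func NewToken() *Token { return &Token{regs: map[string]registration{}} }

// Register creates a fresh P-256 key pair for appID and returns the key handle
// and public key the relying party stores. The handle is a constructed hash in
// this model; real devices wrap the private key and app ID hash inside it.
func (t *Token) Register(appID string) (string, *ecdsa.PublicKey, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", nil, err
	}
	sum := sha256.Sum256(append([]byte(appID), priv.PublicKey.X.Bytes()...))
	handle := fmt.Sprintf("%x", sum[:8])
	t.regs[handle] = registration{appID: appID, priv: priv}
	return handle, &priv.PublicKey, nil
}

// signedData is the byte string a U2F token signs:
// SHA-256(appID) || user-presence flag || counter || SHA-256(clientData).
func signedData(appID string, clientJSON []byte) []byte {
	app := sha256.Sum256([]byte(appID))
	cd := sha256.Sum256(clientJSON)
	buf := append([]byte{}, app[:]...)
	buf = append(buf, 0x01)       // user presence: the button was tapped
	buf = append(buf, 0, 0, 0, 1) // signature counter, fixed in this toy
	return append(buf, cd[:]...)
}

// Authenticate is whatever software holds the device asking the token to sign.
// The token refuses a handle registered under a different app ID, but it cannot
// tell an honest browser from local malware that supplies the right app ID.
func (t *Token) Authenticate(appID, handle string, cd ClientData) (clientJSON, sig []byte, err error) {
	reg, ok := t.regs[handle]
	if !ok || reg.appID != appID {
		return nil, nil, errors.New("key handle is not registered for this app ID")
	}
	if clientJSON, err = json.Marshal(cd); err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(signedData(appID, clientJSON))
	sig, err = ecdsa.SignASN1(rand.Reader, reg.priv, digest[:])
	return clientJSON, sig, err
}

// Verify is the relying party's side: the origin in clientData must be its own,
// the challenge must be the one it issued, and the signature must check out
// over its own app ID hash with the public key stored at registration.
func Verify(appID, challenge string, pub *ecdsa.PublicKey, clientJSON, sig []byte) error {
	var cd ClientData
	if err := json.Unmarshal(clientJSON, &cd); err != nil {
		return err
	}
	if cd.Origin != appID {
		return fmt.Errorf("origin %q is not %q", cd.Origin, appID)
	}
	if cd.Challenge != challenge {
		return errors.New("challenge mismatch: stale or replayed assertion")
	}
	digest := sha256.Sum256(signedData(appID, clientJSON))
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not verify")
	}
	return nil
}

func main() {
	const site = "https://accounts.google.com" // constructed sample app ID
	tok := NewToken()
	handle, pub, _ := tok.Register(site)
	cj, sig, _ := tok.Authenticate(site, handle, ClientData{"navigator.id.getAssertion", "challenge-1", site})
	fmt.Println("honest login:", Verify(site, "challenge-1", pub, cj, sig))
	_, _, err := tok.Authenticate("https://login-google.example", handle, ClientData{})
	fmt.Println("relayed challenge from another origin:", err)
}
```

      Running it shows the two sides of the thread: a page at a different origin that relays the real challenge and key handle gets no signature at all, because the handle is bound to the app ID the browser reports, and a captured assertion fails once the challenge changes. The model also makes the section 9 limitation concrete: code running on the user's own machine with direct access to the device can call Authenticate with the genuine app ID, which is why the spec points at OS-level exclusive access to the device as the mitigation.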

  17. Why not... by Junta · · Score: 1

    Use FreeOTP or Google Authenticator? It's simple yet pretty well secure and allows an arbitrary mobile device to provide keycodes? Sure, you have to actually type a few numbers (the horror), but at least you don't need yet another security dongle that, despite the current hype, will probably be obsolete in a couple of years.

    --
    XML is like violence. If it doesn't solve the problem, use more.

  18. Re:new NEO by X-Ray+Artist · · Score: 1

    "new NEO?"
    Is this a built-in redundancy?

    --
    I would have a sig but I am too busy updating programs and restarting my computer

  19. How does it work? by kosmosik · · Score: 1

    Can't wait to get my hands on one of these. Unfortunately Amazon doesn't ship to Poland so I can't get it here. I have two concerns regarding this:

    I understand this is an amateur class device. Better (or is it?) than the Authenticator app, as you need to gain the physical key, while a phone app can be accessed remotely at least in theory, but still not hard security like corporate smart cards, RSA tokens etc. Just hardware two-factor auth for the masses, and I guess it is a good thing to have (or is it?). But as I see it, the form of distribution of this hardware is quite loose. If I order it via Amazon (if I could) it goes through Amazon warehouses, shipping companies etc. - could this device be tampered with in shipping? Shouldn't it have a safer distribution method, like a physical store, so you can randomly pick one and it couldn't be tied to your identity?

    How does it work? It states that it requires a supported browser (Chrome 38) on any platform it runs on, but does it also work in Chromium (I am using Chromium)? Can it be used in other applications, e.g. a VPN client or SSH client? Does it use some open source library or tools? How does it work as a device - I plug it in and it registers as a standard USB class device - what class is it?

    I've tried to google these concerns for a few seconds but couldn't find good information, so could anybody please clarify this?

  20. Won't work in corporates/governments by Anonymous Coward · · Score: 0

    A lot of SOEs disable USB access on their computers, so this is fucked before it starts. A 2F application running on iOS/Android devices polling an authentication API for pending approvals might work well, e.g.:

    1. User wants to login to Site A
    2. Site A sends an authentication challenge to the Google/Authentication API
    3. Mobile device displays the list of current challenges for the User to click Approve/Deny on, User clicks Approve on this challenge
    4. Site A receives confirmation from the Google/Authentication API and allows User to continue

  21. GOOG innovation by Anonymous Coward · · Score: 0

    You mean like all Chinese banks have been doing for the last 10 years?

  22. well well well by Anonymous Coward · · Score: 0

    It's a USB device. So the standard methods of USB redirection apply. If your computer is infected with something that can do that, which is not uncommon functionality in a decent modern rootkit for windoze, this dongle won't make you more secure.

    It's a permanent, hardware-based ID token. And it's for use with G-oogle services. Yes, the bar gets raised as to WHO gets to misuse your account. Yes, bypassing this requires a lot more work on the part of random Joe Hacker who's fishing in the upstream...

    However, dare I say, against attackers who own the networks, the telcos, the spooks, the organised faggots who get access to firmware of this thing, it has potential of reducing security for the end user. One token to clone, one token to completely take over your identity. And don't get me started on the possibilities that having a hardware token controlled by a third party stuck in one of your USB ports creates for monitoring and infiltration. Also, it's made by an American corporation. Trusting those is beyond stupid.

    Existence of such devices is theater. No real security.

    1. Re:well well well by Anonymous Coward · · Score: 0

      Well luckily FIDO is an open standard so you can just make your own.

  23. how many slots? by Anonymous Coward · · Score: 0

    An online service I know offers a Yubikey, but it only has two slots. One of them is pre-configured to work with their service, which leaves one for your own use.

    While I like the idea of the keys, I am afraid that instead of 50 passwords we're gonna have 50 (ok, 25) keys dangling on our keychains. Any solutions before they're needed?

  24. Will this work only on Google sites? by jbssm · · Score: 1

    I use Google Authenticator for quite a few sites, not only the Google ones.

    After reading the links here I'm under the impression that any site outside Google will not work with this method and I'll have to continue using the Authenticator app on my phone. Is that correct?

  25. Add another gadget to your pocket by Anonymous Coward · · Score: 0

    Personal Phone, Tablet, Laptop and now Dongle....