Two-factor authentication (2FA) with a FIDO security key uses public-key cryptography to provide two-way verification: it makes sure that your users are logging into the service they originally registered the security key with, and the service verifies that it’s the correct security key as well. This provides superior protection to code-based verification, like SMS and one-time password (OTP).
Simpler to use
Security keys make 2FA easier. Users simply tap the button on their key instead of retyping codes. Unlike other 2FA methods, also known as multi-factor authentication (MFA), that use one-time codes via text message, security keys don’t require a phone number on users’ accounts.
A must for admins and high-value users
G Suite, Google Cloud Platform, and Cloud Identity admins and users enrolled in the Advanced Protection Program have access to sensitive data and systems. While security keys are recommended for all users for stronger protection against phishing, enforcing security keys for admins and other high-value users should be the first step.
Titan Security Key
Titan Security Keys are built with a secure element that includes firmware engineered by Google to verify the integrity of the key and implement FIDO standards to work with many popular devices, browsers, and services. Titan Security Keys are available on the Google Store and for bulk orders in select countries.
Built-in on Android and iOS phones
The FIDO security key technology that provides phishing-resistant 2FA is now built-in on Android 7+ and iOS phones and enables your users to use the convenience of their phones to help protect their work and personal accounts against phishing attacks and account takeovers. Activate it on your phone today by following these steps.
Account takeover protection
FIDO security keys provide the strongest account protection against automated bots, bulk phishing, and targeted attacks. Security keys send cryptographic proof that users are on a legitimate site and that they have their security key with them.
FIDO security keys are compatible with Chrome and other popular browsers. The same security key your people use to authenticate themselves on Google will also work on GitHub, Facebook, Dropbox, and many other sites.
Security key policies allow G Suite, Cloud Identity, and Google Cloud Platform admins to enforce the use of a security key for greater protection against phishing attacks and account takeovers.
Businesses that run on Stripe trust us with some of their most sensitive information, and we take the security of that information extremely seriously. We’ve found security keys to be ideal second factors because they balance ease-of-use with increased account security. Security key enforcement gives us a way to easily enforce secure logins for all employees, across both their desktop and now mobile devices.Bryan Berg, Security team, Stripe