If you genuinely take your online security seriously you should be using two-factor authentication paired with a security key every time you log in. There are lots of options out there, including Google’s own $US50 ($74) Titan security key set, but the company has also recently released software you can use to build your own using a $US10 ($15) dongle.
It seems counterintuitive for a company to release something for free that undercuts sales of another product it charges $US50 ($74) for, but given the millions and millions of people who’ve come to rely on other free services from Google—like Gmail, Google Photos, and even the Android operating system—increasing login security means a reduction in users reaching out for support when their accounts are compromised or hacked.
But OpenSK, Google’s new open-source software that can be flashed onto third-party dongles featuring Bluetooth, USB, and NFC making them compatible with the FIDO U2F and FIDO2 security standards, isn’t just a form of preventative medicine. Google is also hoping that the open nature of OpenSK will result in it being a valuable tool for security researchers, hackers, and even other companies making security key hardware to foster new features and increase adoption among users. Google claims there are now over 2.5 billion active Android devices in the world, compared to around 1.3 billion running iOS, so giving away software to help foster adoption isn’t an entirely baffling idea.
At launch, Google has chosen the Nordic nRF52840 dongle as the initial hardware reference dongle for the project, as it boasts almost all the same features as the Titan security keys, but more importantly, it’s available for about $US10 ($15) from various retailers. By lowering the cost of entry for security keys, which could end up even cheaper down the line as a result of OpenSK, Google is helping to make them more accessible and removing any excuses people have for not properly securing their online existence. It also provides an alternative for those who’ve expressed concerns about potential security compromises when it comes to the hardware supply chain for Google’s Titan keys.