Saturday, November 26, 2016

Enhanced Google Security: Security Key and Password Alert

Google is tracking a curious uptick in government-backed (Russia, China, ?) attacks on journalist gmail accounts.

They are suggesting two security measures that are new to me - a security key and password alert.

Security Key is a USB dongle (FIDO Universal 2nd Factor) Instead of running on your phone. It’s less vulnerable to man-in-the-middle attacks, but “Security Key does not work on browsers other than Chrome.” You can buy one from your favorite Chinese manufacturer on Amazon.

Password Alert is a Chrome app that tries to monitor for man-in-the-middle and phishing attacks. I’ve installed it in Chrome on my Mac. You have to trust Google to use it but if you’re using Chrome you’ve already made that commitment.

The Password Alert extension was part of a series of 2015 security enhancements. I’m surprised I didn’t hear anything about it.

Security Key may be newer, I couldn’t find much about it. I think Google is going to have to start selling these. Why would I trust a Chinese vendor?

No comments: