GOOGLE APPS AND FIDO U2F

Enterprises of all types and sizes are operating on, or migrating to, Google Apps for Work. Google has gone to great lengths to engineer security into its core solution. Yet in 2014, reports suggested that 5 million Google account passwords were compromised. For organizations where security is mission critical, two-factor authentication is a best practice.

But with so many alternatives out there already – most notably, Google Authenticator, which is already used for two-factor authentication across Google’s services – one wonders why we would need a new solution, the Google Security Key?

As the security community has been saying for the past few years, one-time passwords (OTPs) are inconvenient, annoying, insecure, and obsolete. SMS-based OTP systems have been bypassed and widely compromised. They are a constant drain on productivity and user experience (especially on smart devices), and they represent an ever-increasing risk and expense to the enterprise.

The FIDO Alliance (FIDO – Fast IDentity Online) aims to supplant reliance on passwords to securely authenticate users of online services, and has published two sets of specifications: FIDO UAF – Universal Authentication Factor and U2F – Universal 2nd Factor. The core ideas driving FIDO are (1) ease of use, (2) privacy and security, and (3) standardization. The second-factor FIDO experience is supported by the U2F protocol. This experience allows online services to augment the security of their existing password infrastructure by adding a strong second factor to user login. Is U2F the future of two-factor authentication?

The Google security key based on FIDO U2F aims to improve user experience while eliminating phishing, keylogger, observational and man-in-the-middle risks by providing a cryptographic means of authenticating the presence of something physical, such as your U2F token, without your identity ever leaving your token.

The Zighra U2F experience

Zighra has pioneered the development of continuous, adaptive behavioral authentication using smartphones as a second factor for authentication. Behavioral authentication identifies a user based on a unique algorithmic index that reflects the distinctive contextual, positional and sensorial manner in which they use their smartphone. Users have no OTPs to enter and require no USB dongle that can get lost or stolen.

Instead, users are safely and accurately authenticated with a simple swipe of their finger. By leveraging the FIDO U2F authentication specification, Zighra enables the user's phone to be their security key rather than a token generator device or a USB authentication dongle.

Take a test drive!

Zighra’s patent-pending behavioral biometrics technology has been developed in collaboration with some of the best research minds in the security space. We are currently accepting a limited number of sign-ups to try out ZigKey for Google Apps.
