Bluetooth Based 2-Factor Authentication Key For Google Accounts Shows Up on Chrome OS

Can I create an entire blog post around a single screenshot I grabbed from my Chromebook? Let me try.

I have the two factor authentication enabled for my Google account. I use a security key that connects via USB for this. While trying to set up Play Store on my Chromebook recently, I got this screen for two factor authentication:

This screen has a picture of a security key which looks like something that you carry along with your car key or home key. There is something that looks like a button too. This could be similar to the flashing light/button that comes with the USB based security keys. Here is an image of this from Yubikey:

Not Completely New

Google has been working with Yubico to create security keys that work with Google accounts providing an additional layer of security for users. Yubico is currently experimenting with Bluetooth based security keys. Using Bluetooth as method to connect to a 2-factor authentication device comes with its own challenges.

Yubico in their blog post mentions many such challenges:

  • Bluetooth pairing is not an easy thing to get right, for the engineer and also for the user
  • Bluetooth compatibility with operating systems
  • Battery life, Bluetooth based devices will need batteries as opposed to the USB devices that we currently use
  • Radio regulatory issues that come with Bluetooth devices

Here is the most important part of that blog post for me:

In summary, we are selectively releasing the YubiKey BLE into specific pilots. As platform support matures during the second half of 2016, we will increase the pace of our Bluetooth certifications. Stay tuned and once the entire ecosystem is ready for prime-time, we are too.

Looks like Chrome OS and Android (because this showed up during Play Store set up) are part of this pilot mentioned in the Yubico article. From the screenshot, it looks like this device is already being tested.

Join 4,062 other subscribers

3 responses

  1. Bluetooth is a wireless standard not a security tool.

  2. Interesting. I’m curious about the benefits of an USB key vs receiving an SMS on your phone. Are you out of range or your phone battery dies frequently?

    I can see how using a key could be beneficial for people with poor mobile connectivity but, if someone is going to use BTLE, would it not be easier to use an Android/iPhone app instead of a dongle?

    1. Google did purchase SMS authentication from Twitter a week or so ago. It is called Fabric and Digits.

      Would be curious if this ultimately plays into what they are doing?

Leave a Reply

Your email address will not be published.