Google Creates Powerful New Security System for Enterprises (part 1)

The Silicon Valley giant is using open-source encryption to form the web a safer place. By offering developers first crack at cutting their own pass keys, Google hopes that increased adoption of its new security system will lure the Fortune 500 to its cloud services.

The search-and-advertising company’s OpenSK project offers a more robust layer of protection than passwords, which are soft targets for attackers seeking ways into personal accounts. Once there, they will invade systems and compromise companies.

OpenSK uses a two-factor authentication standard pioneered by the Fast Identification On-Line Alliance, or FIDO, which calls on hardware containing unique access codes instead of passwords. The industry group is committed to a password-free internet.

Making software libraries publicly available to run reference hardware provides developers with tools to make their own FIDO authenticators. Google engineers call OpenSK an experimental research platform but the corporate hopes that enterprises will examine the technology then adopt it.

FIDO-friendly firmware

To spur development, Google has added a dongle produced by Nordic Semiconductor to the Titan family of security keys it introduced two years ago. The Norwegian maker’s widget contains a system-on-chip that interfaces through a USB port or using Bluetooth wireless and near-field communication.

The Nordic dongle and tokens within the Titan lineup contain firmware compatible with FIDO U2F and FIDO2 standards for both desktop and mobile. They use authentication protocols from the seven-year-old alliance taking passwords out of the equation.

The result’s a design that Google says can beat the bots, phishing scams and targeted attacks that employ public-key cryptography to verify user identities and log-in pages – albeit account holders inadvertently display passwords.

Indeed, Google claims it hasn’t suffered a breach since shifting its quite 80,000 employees to Titan in 2017. The Nordic dongle possess an equivalent capabilities and lets users fashion their own carrying case with a 3D printer.