Security keys are relatively unknown and their use limited, so we don’t expect a lot of people to know what they are. Another reason for lack of awareness of these little handy USB like devices, is that not every company and individual has the resources or knowledge on how to produce them. Well, that’s soon going to be a thing of the past.
Google has decided to launch an open source project that will encourage hardware vendors dish out their own security keys, thus initiating an era of security and simplicity on the interwebs.
The initiative has been named OpenSK and uses Rust based firmware to turn Nordic chip dongles into a FIDO U2F and FIDO2-compliant security key. In addition to this, Google has also published a source code for users to 3D print a physical case for the dongle, so their security keys look and can be used like standard keys. For now, Google has decided to go with Nordic chips since they are cheap and are the perfect hosts for the technology because they support FIDO2 protocols, including NFC, Bluetooth Low Energy, USB and a dedicated hardware crypto core. However, the company plans to expand the functionality to other chips soon.
With this, Google plans to bring innovation in the password-less market and encourage developers and hardware implementers to bring forth a revolution in the said market. Moreover, Google has been vocal about the security concerns regarding the current generation of the Internet.
Recently, Google found holes in Apple Safari’s security, finding various problems like an issue that cause the OS to execute code after viewing a maliciously crafted JPEG file. Apple has rolled out patches, fixing the issues uncovered by the company.
The company also set a record by paying $6.5 million to hackers who were able to bypass its security and exploits its devices over the last year. In 2018, Google paid out $3.4 million in total to users who were able to assist Google in increasing their security defenses, doubling that number to $6.5 million in 2019.