With the security situation these days, a password, especially a simple, easy to guess, and reused one, just no longer cuts it. To help users who may or may not have migrated to stronger passwords, some sites and services have implemented two-step authentication that takes advantage of the smartphone that we almost always have with us nearby. Taking that to a somewhat more convenient but more limited level, Google is introducing Security Key, which uses a USB flash drive to implement that very same security feature.
The second step in two-step authentication involves sending a random code, or sometimes even just a prompt, to a user's linked mobile device. The reasoning is that a smartphone is more secure, at least physically speaking, than a digital password that can be easily hacked or, worse, guessed. Google's new Security Key replaces that part of the process and users will instead simply plug in the USB and authorize the login when prompted.
This Security Key offers some advantages over the usual two-step smartphone method. Aside from that level of security, the USB also only works if the website is verified to be legitimately coming from Google, blocking out phishing attempts and fake sites that would attempt to make you send the verification code to them. A USB also doesn't require batteries or a mobile connection, so it can work anytime anywhere. And as it uses the open Universal 2nd Factor (U2F) protocol from the FIDO (Fast IDentity Online) Alliance, in theory any website that also implements FIDO U2F can utilize that USB as well.
Google Security Key, however, is far from perfect and even Google admits it might not fit everyone. For example, if you access sites on mobile devices, you will naturally not be able to plug in the USB drive. And even though it uses the open U2F protocol, Google's implementation unsurprisingly only works, at the moment, with Google Accounts and on the Chrome browser, specifically version 38 and later only. This leaves out those using other browsers and other login systems to use the older PIN code method. And lastly, Security Key isnt completely free, at least the USB flash drive itself isn't. You will have to purchase one from U2F participating vendor, which can be found on Amazon with prices ranging from $6 to $60
SOURCE: Google