Online security (cyber security) is very critical these days, and one of the very basic approaches to staying safe and secure online is to use two-factor authentication (2FA). The most common method for 2FA is the use of a password and an SMS-based verification. However, security experts have always warned against the use of SMS verification as it has publicly known SS7 (Signaling System Seven) flaws. This flaw lets attackers receive victim’s text messages thereby bypassing SMS-based 2FA process. So what to do then? Well, USB security keys known as U2F devices (universal second factor) are one of the safest ways to use 2FA. But if you’ve got a Pixelbook, you can mimic this physical aspect of 2FA process with its power button.
9to5Google has spotted a new feature on Pixelbook that lets you turn its power button into a U2F key. If you have the latest version of Chrome installed, you can turn your Pixelbook’s power button into a U2F key by following these steps:
- Open Chrome Shell by holding down Ctrl + Alt + T at the same time
- Run the following command: u2f_flags u2f
You’re now good to add your Pixelbook power button as an additional security key for your online accounts.
Technically, you can enter this command on any Chromebook, but only the Pixelbook actually appears to work at the moment. But with Google putting in the efforts, it could also be available on other devices in the future.
Is it completely reliable?
Having the power button work as a USB security key on Pixelbook is fantastic, as it has just two USB-C ports. However, it goes without saying that Chromebooks can be buggy and unstable while running the Beta or Dev Channels. Hence it is always recommended setting up a separate U2F key, just in case something goes awry with your Pixelbook. Its power button can back-up as a second 2FA key.
But it’s not just that! Two-factor authentication requires two out of these three things: a Knowledge factor (like a password, PIN), a possession factor (like a USB key) and an inherent factor (such as a fingerprint). Having all these things separate would make it harder for someone trying to make illegal access to your accounts.
But with the recent developments in Pixelbook, the possession factor (USB key) is not separate. In fact, your Pixelbook itself becomes your possession factor. So anyone who could get your password (or you have them saved on your browser) and your Pixelbook, has two of the three authentication pieces and is capable of accessing your accounts.
Bottom line: Opt for a separate U2F key.