Logging In With New Google Login Screen Doesn’t Let Me Use a Hardware Security Key
Google’s new Passkey option is not ideal
I set up a new account in a new workspace. I added a hardware security key. I don’t see how to make it the default.
It was not easy to add in the first place (as it was in the past) because Google seems to be trying to force you to create a passkey where you use only the hardware security key and some biometrics, not a password.
As I wrote in a past post — biometrics cannot be rotated and we already have evidence they have been stolen. If you ever went to China, some of that is collected at the airport. You can’t get in without it. So I am not a fan of biometric security for login purposes.
Alternatively you can use the number associated with your hardware security key. Well, that’s a short number that is much easier to guess than a complex password. It’s also associated with the hardware security key — not a true second factor as I explained in my book on cybersecurity for executives at the bottom of this post.
I want to use a hardware key and a password.
I do not want to give users the option to use biometrics, or only a key and skip passwords.
Now when I log into a certain account to which I have added a hardware security key it seems like I can’t even do that in incognito mode. On another account, I was able to choose “more option” and select my hardware security key.
Google’s login process is currently very inconsistent and seems to have some problems as do Google profiles which I wrote about in this post:
This is all happening in a newer workspace. I believe I disabled profiles in my prior workspace which may have resolved some of these problems, which I hope Google will fix soon.
Update: Not sure what is going on but on another account I logged into I got all the expected options. I know Google has this experimental stuff they push out. Not sure if that has something to do with it.
Follow for updates.
Teri Radichel | © 2nd Sight Lab 2024
About Teri Radichel:
~~~~~~~~~~~~~~~~~~~~
⭐️ Author: Cybersecurity Books
⭐️ Presentations: Presentations by Teri Radichel
⭐️ Recognition: SANS Award, AWS Security Hero, IANS Faculty
⭐️ Certifications: SANS ~ GSE 240
⭐️ Education: BA Business, Master of Software Engineering, Master of Infosec
⭐️ Company: Penetration Tests, Assessments, Phone Consulting ~ 2nd Sight LabNeed Help With Cybersecurity, Cloud, or Application Security?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
🔒 Request a penetration test or security assessment
🔒 Schedule a consulting call
🔒 Cybersecurity Speaker for PresentationFollow for more stories like this:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
❤️ Sign Up my Medium Email List
❤️ Twitter: @teriradichel
❤️ LinkedIn: https://www.linkedin.com/in/teriradichel
❤️ Mastodon: @teriradichel@infosec.exchange
❤️ Facebook: 2nd Sight Lab
❤️ YouTube: @2ndsightlab