Google is embarking on an open-source security key project with the end goal of replacing passwords on the Internet with more secure ways of authentication. The OpenSK scheme is Google's latest extension in the security key ecosystem.
“With the help of the research and developer communities, we hope OpenSK over time will bring innovative features, stronger embedded crypto, and encourage widespread adoption of trusted phishing-resistant tokens and a passwordless web,” the blog post states.
Taking the lead from similar projects, such as Solo and Somu, the search titan has created its own open-source, "phishing resistant" method for two-factor authentication (2FA). Written in programming language Rust, OpenSK is based on the concept of FIDO keys (Fast IDentity Online).
How do the security keys work?
Traditional 2FA methods often revolve around SMS-based authentication. By contrast, security keys are directly injected into a computer to prove identity. They should help to keep people secure online.
OpenSK enables anyone to create their own security key. By combining Google's open-source firmware with a Nordic chip dongle—a piece of kit designed for a range of wireless communication—developers are free to test and expand the parameters of openSK for themselves.
FIDO keys have been growing in popularity of late. They're cited as the next step in the evolution of internet security, tasked with the charge of advancing our online protection—all while riding us of clunky passwords and eliminating laborious safety precautions.
"By opening up OpenSK as a research platform, our hope is that it will be used by researchers, security key manufacturers, and enthusiasts to help develop innovative features and accelerate security key adoption," reads the blog.
How does this help Web3?
The movement towards a more privacy-centric, decentralized Internet, where users have more control over their data online—commonly known as Web3—continues to grow. Advancements in blockchain technology are helping to rethink the way online websites are built and run. Even Twitter CEO Jack Dorsey wants to create a decentralized architecture for Twitter and other social media sites.
Google’s push towards more secure access to online services could help to advance this, making it easier for people to secure their own identity online.
The OpenSK project could also encourage everyday people to become more familiar with using devices in their own home that help to control their online identity and accounts. This could make for easier adoption of cryptocurrency hardware wallets—devices that help to secure Bitcoin and other coins.
While the hardware wallet market shows great potential, it is hard to encourage the crypto curious to invest in them without bigger companies pushing the trend. Hardware wallets can be fiddly to set up and are expensive. If people get used to managing their own privacy and identity, it could make for a safer Internet. But until then, custodial companies like Coinbase will continue sucking in the new entrants.