CNET también está disponible en español.

Ir a español

Don't show this again

Security

Google's most secure login system now works on Firefox and Edge, too

Better hardware security key support means our post-password future is one step closer to reality.

Yubico's hardware security keys support let you log on without a password on sites, apps and devices that support the FIDO2 authentication technology.

Yubico's hardware security keys let you log on without a password on sites, apps and devices that support the FIDO2 authentication technology.

Stephen Shankland/CNET

Google has updated its support for hardware security keys so you no longer need to rely on its Chrome browser to log into websites like Gmail, YouTube and G Suite.

Hardware security keys, small devices that connect to devices wirelessly or with USB, offer better logon security than passwords alone or passwords combined with short-lived numeric codes sent to your phone. But until now, Google's support was limited to an earlier standard called U2F that came with a lot of confines. But now Google updated its login with the newer, broader standard of FIDO2 and its incarnation for websites, WebAuthn.

The change means people using Mozilla's Firefox and Microsoft's Edge will be able to log into Google websites with hardware security keys -- though for now they'll still need Chrome to enroll in the system.

And later, embracing FIDO2 opens the door for Google to move beyond passwords entirely, since FIDO2 enables authentication with a combination of security key and biometric data like faces or fingerprints. That would be a victory for those who want to move beyond today's plague of problems with passwords.

U2F, short for Universal Second Factor, is limited to uses that combine the hardware key with a password. Browsers like Firefox, Edge and Apple Safari don't support it. FIDO2, which like U2F was developed by a consortium called the Fast Identity Online Alliance, encompasses U2F and other options, including just the hardware security key alone.

Christiaan Brand, product manager for identity and security, announced Google's move to WebAuthn in a tweet Thursday. On Friday, Mark Risher, director of identity platform and account security, added: "FIDO2 rolling now!"

Google didn't immediately comment on when people would be able to use other browsers to enable hardware security key login or whether Google plans to move to passwordless authentication. Google in February embraced FIDO2 for its Android software, a move that lets people use fingerprints to log into apps.

Microsoft has embraced passwordless logon with Windows and online services like Outlook, Skype and Xbox Live.