X

Google's most secure login system now works on Firefox and Edge, too

Better hardware security key support means our post-password future is one step closer to reality.

Stephen Shankland Former Principal Writer
Stephen Shankland worked at CNET from 1998 to 2024 and wrote about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise Processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science. Credentials
  • Shankland covered the tech industry for more than 25 years and was a science writer for five years before that. He has deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and more.
See full bio
Stephen Shankland
2 min read
Yubico's hardware security keys support let you log on without a password on sites, apps and devices that support the FIDO2 authentication technology.

Yubico's hardware security keys let you log on without a password on sites, apps and devices that support the FIDO2 authentication technology.

 Stephen Shankland/CNET

Google has updated its support for hardware security keys so you no longer need to rely on its Chrome browser to log into websites like Gmail, YouTube and G Suite.

Hardware security keys, small devices that connect to devices wirelessly or with USB, offer better logon security than passwords alone or passwords combined with short-lived numeric codes sent to your phone. But until now, Google's support was limited to an earlier standard called U2F that came with a lot of confines. But now Google updated its login with the newer, broader standard of FIDO2 and its incarnation for websites, WebAuthn.

The change means people using Mozilla's Firefox and Microsoft's Edge will be able to log into Google websites with hardware security keys -- though for now they'll still need Chrome to enroll in the system.

And later, embracing FIDO2 opens the door for Google to move beyond passwords entirely, since FIDO2 enables authentication with a combination of security key and biometric data like faces or fingerprints. That would be a victory for those who want to move beyond today's plague of problems with passwords.

U2F, short for Universal Second Factor, is limited to uses that combine the hardware key with a password. Browsers like Firefox, Edge and Apple Safari don't support it. FIDO2, which like U2F was developed by a consortium called the Fast Identity Online Alliance, encompasses U2F and other options, including just the hardware security key alone.

Christiaan Brand, product manager for identity and security, announced Google's move to WebAuthn in a tweet Thursday. On Friday, Mark Risher, director of identity platform and account security, added: "FIDO2 rolling now!"

Google didn't immediately comment on when people would be able to use other browsers to enable hardware security key login or whether Google plans to move to passwordless authentication. Google in February embraced FIDO2 for its Android software, a move that lets people use fingerprints to log into apps.

Microsoft has embraced passwordless logon with Windows and online services like Outlook, Skype and Xbox Live.