
This article is more than 1 year old

Google's OpenSK lets you BYOSK – burn your own security key

Now there's no excuse

OpenSK, a new open-source project from Google, lets folk make their own security key for less than £10.

You flash the OpenSK firmware on a Nordic dongle – and voila. The USB dongle includes the nRF52840 SoC (32-bit Arm Cortex-M4) and a user-programmable button, and supports Bluetooth Low Energy and NFC (Near Field Communication). If you have a 3D printer to hand, you can also print a suitable enclosure.

The Nordic dongle with a 3D-printed case


Google offers its own Titan security key for two-factor authentication (2FA) with FIDO U2F, and using this or an alternative device goes a long way to protect an account from unauthorised access or takeover. The same keys can be used on other internet sites including AWS and GitHub – but probably not at your banking site.

OpenSK is coded in Rust and runs on TockOS, an embedded operating system designed for "mutually distrustful applications" and also written in Rust. Google's Elie Bursztein, security & anti-abuse research lead, and Jean-Michel Picod, software engineer, said: "Rust's strong memory safety and zero-cost abstractions makes the code less vulnerable to logical attacks."

The purpose of OpenSK is not to enable geeks to get DIY security keys but rather to encourage use "by researchers, security key manufacturers, and enthusiasts to help develop innovative features and accelerate security key adoption". There is also a caution that "this release should be considered as an experimental research project to be used for testing and research purposes".

Any form of 2FA is much better than nothing, but dedicated security keys have advantages over alternatives like text messages, since phone numbers can be hijacked. Sometimes the phone number can also be used for account recovery, making it a weak link despite its popularity.

You can find the code for OpenSK here. ®

 
