Google introduces open-source two-factor authentication platform

Get a free Techzine subscription!

Google has placed a new open source project on GitHub called OpenSK. It is a multifactor authentication platform that allows small businesses and hardware vendors to develop their own security keys.

OpenSK appears to be an open-source counterpart to Google’s Titan security key. OpenSK uses the programming language Rust and runs on TockOS. Rust is a programming language that is more focused on security with strong memory protection and is less vulnerable for logical attacks. TockOS is a small operating system with a solid sandbox architecture, where things like the kernel, the drivers and the application are strictly separated from each other.

The project on GitHub includes firmware that you can install on Nordic chip dongles. The Nordic dongles are USB sticks that you can use for two-factor authentication. OpenSK’s firmware uses FIDO U2F and FIDO2 standards, two well-known two-factor authentication standards from the FIDO Alliance.

Elie Bursztein, Google security and anti-abuse researcher and Google software developer Jean-Michel Picod explain in a blog post that with this open-source project they hope that the community will add new innovative features, that will improve two-factor authentication and that more companies will use USB security keys.