Are you a Chromebook user? Google has discovered a serious flaw in a Chromebook security feature which allows owners to press their device’s power button to initiate U2F two-factor authentication (2FA). Learn more:
Known as the ‘built-in security key’, the experimental feature was first enabled for Google PixelBooks last summer. Since then, it has quietly been embedded on numerous Chromebooks that have the necessary H1 CR50 chip inside them, including many made by Dell, HP, Acer, Samsung, Asus and Lenovo. A full list of affected devices is available on Google’s website.
We say ‘quietly’ because it’s unlikely many owners beyond developers have even heard of the feature, let alone used it to authenticate themselves when logging into a website.