Shutterstock 1390615925

Are you a Chromebook user? Google has discovered a serious flaw in a Chromebook security feature which allows owners to press their device’s power button to initiate U2F two-factor authentication (2FA). Learn more:

Known as the ‘built-in security key’, the experimental feature was firstenabled for Google PixelBooks last summer.Since then, it has quietly been embedded on numerous Chromebooks that have the necessary H1 CR50 chip inside them, including many made by Dell, HP, Acer, Samsung, Asus and Lenovo. A full list ofaffected devicesis available on Google’s website.

We say ‘quietly’ because it’s unlikely many owners beyond developers have even heard of the feature, let alone used it to authenticate themselves when logging into a website.

The link for this article located at Naked Security is no longer available.