CYBERSECURITY: This low-cost device may be the world’s best hope against account takeovers.

The Security Keys are based on Universal Second Factor, an open standard that’s easy for end users to use and straightforward for engineers to stitch into hardware and websites. When plugged into a standard USB port, the keys provide a “cryptographic assertion” that’s just about impossible for attackers to guess or phish. Accounts can require that cryptographic key in addition to a normal user password when users log in. Google, Dropbox, GitHub, and other sites have already implemented the standard into their platforms.

After more than two years of public implementation and internal study, Google security architects have declared Security Keys their preferred form of two-factor authentication. The architects based their assessment on the ease of using and deploying keys, the security it provided against phishing and other types of password attacks, and the lack of privacy trade-offs that accompany some other forms of two-factor authentication.

Two-factor authentication can be a real pain for users, as well. Just switching over from two-step authentication (not the same thing!) to two-factor a year or two ago was a confusing hassle. But according to the story, “Security Keys, by contrast to the alternatives, provide the best mix of security, usability, and privacy. They sell for as little as $10, although some of the more popular brands—such as the U2F Security Key from Yubico—list for $18. They’re smaller than a door key, plug into a computer’s USB slot, and require no batteries.”

These keys should become standard equipment.