Right, but how does the challenge get to the device?
"Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google."
The specs say that a challenge is involved. The device must receive the challenge. "Typing out" keys isn't sufficient unless that typing can go the other way. And in the OS, there has to be support for Chrome to send data to such a device. Normal keyboard input is not sufficient for this. This is what I'm looking for clarity on.
"Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google."
The specs say that a challenge is involved. The device must receive the challenge. "Typing out" keys isn't sufficient unless that typing can go the other way. And in the OS, there has to be support for Chrome to send data to such a device. Normal keyboard input is not sufficient for this. This is what I'm looking for clarity on.