Support our independent tech coverage. Chrome Unboxed is written by real people, for real people—not search algorithms. Join Chrome Unboxed Plus for just $2 a month to get an ad-free experience, access to our private Discord, and more. Learn more about membership here.
START FREE TRIAL (MONTHLY)START FREE TRIAL (ANNUAL)
If you’ve spent any amount of time using a Chromebook, chances are decent that you’ve at least heard the term “verified access.” You may have seen this feature while poking around your settings menu or you may have unknowingly seen the feature in action while streaming some HD content on your ChromeOS device. In the latter case, verified access shows itself as a notification in the center of the top of your screen and it prompts you that the site you are on is requesting to know that you are using a verified ChromeOS hardware platform.
So? What is verified access on ChromeOS?
You’ve likely heard that ChromeOS devices are among the most secure computers in the world and that is, in fact, very true. Thanks to features including the Trusted Platform Module, multiple facets of sandboxing, and a variety of methods by which you can secure your Google account, ChromeOS is arguably the safest, desktop operating system available to the masses. Anyway, those are subjects for another day. Today, we’re talking about verified access. What it does. Who uses it and why it matters.
According to the Google Developer’s Blog:
Verified Access may be used by organizations to get cryptographic assurance that they are providing certificates to real Chromebooks with hardware-protected keys. Verified Access is also used by enhanced playback to provide device eligibility verification to people who provide content, like movies and music.
Plain English, please? Ok, I’m going to explain this in a way that makes sense to me because I’m not a developer and I like to keep things simple. As crucial as securing your internet connection as your data travels across the web, it is equally as important for many users and companies to verify the authenticity of the devices connecting to a given network or server. The former can be done very effectively using a good VPN. The latter, however, requires an actual interaction between the devices or services that are attempting to connect.
If a VPN is the secure tunnel in which your information travels, Verified Access is the gatekeeper that ensures that you are who you say you are before you to transmit or receive data to and from the source behind the wall. The Verified Access API acts as a handshake between your device and the endpoint. When a network service requires verification that you are on verified ChromeOS hardware, the API creates a “challenge” that is sent back to your device. If the challenge is passed and you are using verified hardware, the response is sent to the network service and you are then allowed to access the service or network. Take a look at this diagram for a visual example of how it works.
- The Chrome extension contacts the Verified Access API to create a challenge.
- The Chrome extension calls the enterprise.platformKeys API to generate a challenge-response and sends the access request to the network service, including the challenge-response in the request.
- The network service contacts the Verified Access API to verify the challenge-response.
- In case of successful verification, the network service grants access to the device.
Who uses Verified Access?
There is a variety of use-cases for the Verified Access API but the primary beneficiaries are Enterprise customers. While Verified Access is enabled by default, users can enable it at any time directly from the ChromeOS settings menu. Enterprise clients and Workspace customers can force Verified Access via the Google Admin Console which, in turn, uses the API to ensure that only verified devices are connecting to the company infrastructures and networks.
The other, more-consumer-focused use case here applies to HD and enhanced content on the web. You may have hopped over to Netflix or some other streaming service and you were met by that verification notification I mentioned earlier. That’s the Verified Access API checking to make sure that you are using eligible ChromeOS hardware before you stream or download HD/enhanced content. This is why verified access is enabled out of the box and it ensures that your device will be compatible with the wide range of content delivery sites and services on the web.
Anonymity
It is important to note that the Verified Access API is used solely to pass hardware information for the purpose of verification. User data and personal information is never used in the verified access process. Additionally, a unique key is created for verification for each site visited and these keys are never used for multiple sites. If you log into your device with your personal account, you can enable and disable Verified Access at your leisure in the Security and Privacy section of the ChromeOS settings menu. Enterprise users can enable and require verified access directly from the Google Admin Console under Devices>Chrome>Settings>Device.
So, there you go. There’s a quick look at Verified Access on ChromeOS. Now, when someone asks, you can enlighten them on what it is, how it works, and why they should probably leave it enabled. See you next time.
SUBSCRIBE TO UPSTREAM
Get Chrome Unboxed delivered straight to your inbox
Upstream is our flagship, curated newsletter with the top stories, most click-worthy deals, giveaways, and trending articles from Chrome Unboxed sent directly to your inbox a few times a week. Join 31,000+ subscribers.
