The Strongest Protection for Your Online Accounts? This Little Key
Passwords aren’t enough to fend off hackers; these dongles are the best defense
4 min
Strong passwords are very important, but they’re not enough to protect you from cybercriminals.
Passwords can be leaked or guessed. The key to online security is protecting your account with a strong secondary measure, typically a single-use code. This is referred to as “two-factor authentication,” or 2FA, as the nerds know it.
I’ve written about all the different types of 2FA, such as getting those codes sent via text message or generated in an authenticator app. Having any kind of second factor is better than none at all, but physical security keys—little dongles that you plug into a USB port or tap on your phone during account logins—offer the highest level of protection.
Security keys have been around for over a decade, but now they’re in the spotlight: Apple recently introduced support for them as an optional, added protection for Apple ID accounts. Last month, Twitter removed text-message-based authentication as an option for nonpaying users, recommending instead an authenticator app or security key.
Some people are hesitant to use security keys because carrying around a physical object seems burdensome and they come with a $30-and-up added cost. Plus, what happens if they get lost?
I’ve used security keys since 2016 and think they are actually easier to manage than codes—especially with accounts that don’t require frequent logins. They’re not only convenient, but they can’t be copied or faked by hackers, so they’re safer, too.
Here’s how to weigh the benefits and common concerns of adding one or two of these to your keychain.
Which security key should I use?
Many internet services support the use of security keys, and you can use the same security key to unlock accounts on many different services. I recommend two from industry leader Yubico:
- YubiKey 5C NFC ($US55) if you have a USB-C laptop or tablet
- YubiKey 5 NFC ($US50) for devices with older USB ports
Other options include Google’s Titan security keys ($30 and up). In addition to working with laptops and tablets with USB ports, these keys are compatible with smartphones that have NFC wireless. Most smartphones these days have that, since it’s the technology behind wireless payments such as Apple Pay.
Adam Marrè, chief information security officer at cybersecurity firm Arctic Wolf, recommends that your chosen key is certified by the FIDO Alliance, which governs the standards of these devices.
How do security keys work?
To add a key, look in the security settings of your major accounts (Facebook, Twitter, Google, etc.). During setup, it will prompt you to insert the key into your laptop or tablet’s port or hold the key close to your phone for wireless contact.
Apple requires you to add two security keys to your Apple ID account, in case you lose one.
Typically, when you log in, you just go to the app or website where you’ve set up a key, enter your username and password as usual, then once again insert the key into the device or hold it close. (Some keys have a metal tab you have to press to activate.) At that point, the service should let you right in.
Why are they so secure?
Getting those two-factor login codes via text message is convenient, but if you are someone criminals are targeting, you could be the victim of SIM swapping. That’s where thieves convince carriers to port your number to a new phone in their possession, and they use it along with your stolen password to hack your accounts.
Even if they don’t go to all that trouble, criminals might try to trick you to hand them your codes, by calling you or spoofing a website you typically visit. At that point they can use the code for about 60 seconds to try to break in, said Ryan Noon, chief executive at security firm Material Security.
Security keys protect you in two ways: First, there’s no code to steal, and second, they use a security protocol to verify the website’s domain during login, so they won’t work on fake sites.
You can also add an authenticator app such as Authy to your most important accounts, to use only as a backup. But once you add these secure methods, you should consider removing the text-message code option.
In the rare case that someone snoops your passcode then steals your iPhone, beware: The perpetrator could still make Apple ID account changes using only the passcode, and even remove security keys from your account.
What happens if you lose your key?
The most important rule of security keys is to buy an extra one (or two).
“Think of your security key as you would a house or car key,” said Derek Hanson, Yubico’s vice president of solutions architecture. “It’s always recommended that you have a spare.”
If you lose a security key, remove it from your accounts immediately. You should have already registered your spare or an authenticator app as a backup to use in the meantime.
Where can you use a security key?
Start with your most valuable accounts: Google, Apple, Microsoft, your password manager, your social–media accounts and your government accounts.
When it comes to financial institutions, many banks don’t offer security-key protection as an option, though most leading crypto exchanges do.
What comes after security keys?
Security professionals and tech companies widely agree that passkeys are the future. They’re a new type of software option that combines the high security of a physical key with the convenience of biometrics such as your face or fingerprints. Passkeys are supported across the Android, iOS, Mac and Windows platforms, and some of your favourite sites already let you use them.
You can create a passkey on Facebook in security settings by following the app’s instructions under the security-key option. Dropbox has a similar passkey setup. Once you’re done, you’ll use your face or fingerprint as a second factor, instead of a code or key.
Eventually, physical security keys could be what we keep safe in strong boxes, as backups for our biometric-enabled passkeys. Even then, you’re probably going to want to have spares.
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
This stylish family home combines a classic palette and finishes with a flexible floorplan
Just 55 minutes from Sydney, make this your creative getaway located in the majestic Hawkesbury region.
4 min
As Paris makes its final preparations for the Olympic games, its residents are busy with their own—packing their suitcases, confirming their reservations, and getting out of town.
Worried about the hordes of crowds and overall chaos the Olympics could bring, Parisians are fleeing the city in droves and inundating resort cities around the country. Hotels and holiday rentals in some of France’s most popular vacation destinations—from the French Riviera in the south to the beaches of Normandy in the north—say they are expecting massive crowds this year in advance of the Olympics. The games will run from July 26-Aug. 1.
“It’s already a major holiday season for us, and beyond that, we have the Olympics,” says Stéphane Personeni, general manager of the Lily of the Valley hotel in Saint Tropez. “People began booking early this year.”
Personeni’s hotel typically has no issues filling its rooms each summer—by May of each year, the luxury hotel typically finds itself completely booked out for the months of July and August. But this year, the 53-room hotel began filling up for summer reservations in February.
“We told our regular guests that everything—hotels, apartments, villas—are going to be hard to find this summer,” Personeni says. His neighbours around Saint Tropez say they’re similarly booked up.
As of March, the online marketplace Gens de Confiance (“Trusted People”), saw a 50% increase in reservations from Parisians seeking vacation rentals outside the capital during the Olympics.
Already, August is a popular vacation time for the French. With a minimum of five weeks of vacation mandated by law, many decide to take the entire month off, renting out villas in beachside destinations for longer periods.
But beyond the typical August travel, the Olympics are having a real impact, says Bertille Marchal, a spokesperson for Gens de Confiance.
“We’ve seen nearly three times more reservations for the dates of the Olympics than the following two weeks,” Marchal says. “The increase is definitely linked to the Olympic Games.”
Getty Images
According to the site, the most sought-out vacation destinations are Morbihan and Loire-Atlantique, a seaside region in the northwest; le Var, a coastal area within the southeast of France along the Côte d’Azur; and the island of Corsica in the Mediterranean.
Meanwhile, the Olympics haven’t necessarily been a boon to foreign tourism in the country. Many tourists who might have otherwise come to France are avoiding it this year in favour of other European capitals. In Paris, demand for stays at high-end hotels has collapsed, with bookings down 50% in July compared to last year, according to UMIH Prestige, which represents hotels charging at least €800 ($865) a night for rooms.
Earlier this year, high-end restaurants and concierges said the Olympics might even be an opportunity to score a hard-get-seat at the city’s fine dining.
In the Occitanie region in southwest France, the overall number of reservations this summer hasn’t changed much from last year, says Vincent Gare, president of the regional tourism committee there.
“But looking further at the numbers, we do see an increase in the clientele coming from the Paris region,” Gare told Le Figaro, noting that the increase in reservations has fallen directly on the dates of the Olympic games.
Michel Barré, a retiree living in Paris’s Le Marais neighbourhood, is one of those opting for the beach rather than the opening ceremony. In January, he booked a stay in Normandy for two weeks.
“Even though it’s a major European capital, Paris is still a small city—it’s a massive effort to host all of these events,” Barré says. “The Olympics are going to be a mess.”
More than anything, he just wants some calm after an event-filled summer in Paris, which just before the Olympics experienced the drama of a snap election called by Macron.
“It’s been a hectic summer here,” he says.
AFP via Getty Images
Parisians—Barré included—feel that the city, by over-catering to its tourists, is driving out many residents.
Parts of the Seine—usually one of the most popular summertime hangout spots —have been closed off for weeks as the city installs bleachers and Olympics signage. In certain neighbourhoods, residents will need to scan a QR code with police to access their own apartments. And from the Olympics to Sept. 8, Paris is nearly doubling the price of transit tickets from €2.15 to €4 per ride.
The city’s clear willingness to capitalise on its tourists has motivated some residents to do the same. In March, the number of active Airbnb listings in Paris reached an all-time high as hosts rushed to list their apartments. Listings grew 40% from the same time last year, according to the company.
With their regular clients taking off, Parisian restaurants and merchants are complaining that business is down.
“Are there any Parisians left in Paris?” Alaine Fontaine, president of the restaurant industry association, told the radio station Franceinfo on Sunday. “For the last three weeks, there haven’t been any here.”
Still, for all the talk of those leaving, there are plenty who have decided to stick around.
Jay Swanson, an American expat and YouTuber, can’t imagine leaving during the Olympics—he secured his tickets to see ping pong and volleyball last year. He’s also less concerned about the crowds and road closures than others, having just put together a series of videos explaining how to navigate Paris during the games.
“It’s been 100 years since the Games came to Paris; when else will we get a chance to host the world like this?” Swanson says. “So many Parisians are leaving and tourism is down, so not only will it be quiet but the only people left will be here for a party.”
This stylish family home combines a classic palette and finishes with a flexible floorplan
Just 55 minutes from Sydney, make this your creative getaway located in the majestic Hawkesbury region.
