The Strongest Protection for Your Online Accounts? This Little Key
Kanebridge News
Share Button

The Strongest Protection for Your Online Accounts? This Little Key

Passwords aren’t enough to fend off hackers; these dongles are the best defense

By NICOLE NGUYEN
Mon, Mar 27, 2023 9:18amGrey Clock 4 min

Strong passwords are very important, but they’re not enough to protect you from cybercriminals.

Passwords can be leaked or guessed. The key to online security is protecting your account with a strong secondary measure, typically a single-use code. This is referred to as “two-factor authentication,” or 2FA, as the nerds know it.

I’ve written about all the different types of 2FA, such as getting those codes sent via text message or generated in an authenticator app. Having any kind of second factor is better than none at all, but physical security keys—little dongles that you plug into a USB port or tap on your phone during account logins—offer the highest level of protection.

Security keys have been around for over a decade, but now they’re in the spotlight: Apple recently introduced support for them as an optional, added protection for Apple ID accounts. Last month, Twitter removed text-message-based authentication as an option for nonpaying users, recommending instead an authenticator app or security key.

Some people are hesitant to use security keys because carrying around a physical object seems burdensome and they come with a $30-and-up added cost. Plus, what happens if they get lost?

I’ve used security keys since 2016 and think they are actually easier to manage than codes—especially with accounts that don’t require frequent logins. They’re not only convenient, but they can’t be copied or faked by hackers, so they’re safer, too.

Here’s how to weigh the benefits and common concerns of adding one or two of these to your keychain.

Which security key should I use?

Many internet services support the use of security keys, and you can use the same security key to unlock accounts on many different services. I recommend two from industry leader Yubico:

  • YubiKey 5C NFC ($US55) if you have a USB-C laptop or tablet
  • YubiKey 5 NFC ($US50) for devices with older USB ports

Other options include Google’s Titan security keys ($30 and up). In addition to working with laptops and tablets with USB ports, these keys are compatible with smartphones that have NFC wireless. Most smartphones these days have that, since it’s the technology behind wireless payments such as Apple Pay.

Adam Marrè, chief information security officer at cybersecurity firm Arctic Wolf, recommends that your chosen key is certified by the FIDO Alliance, which governs the standards of these devices.

How do security keys work?

To add a key, look in the security settings of your major accounts (Facebook, Twitter, Google, etc.). During setup, it will prompt you to insert the key into your laptop or tablet’s port or hold the key close to your phone for wireless contact.

Apple requires you to add two security keys to your Apple ID account, in case you lose one.

Typically, when you log in, you just go to the app or website where you’ve set up a key, enter your username and password as usual, then once again insert the key into the device or hold it close. (Some keys have a metal tab you have to press to activate.) At that point, the service should let you right in.

Why are they so secure?

Getting those two-factor login codes via text message is convenient, but if you are someone criminals are targeting, you could be the victim of SIM swapping. That’s where thieves convince carriers to port your number to a new phone in their possession, and they use it along with your stolen password to hack your accounts.

Even if they don’t go to all that trouble, criminals might try to trick you to hand them your codes, by calling you or spoofing a website you typically visit. At that point they can use the code for about 60 seconds to try to break in, said Ryan Noon, chief executive at security firm Material Security.

Security keys protect you in two ways: First, there’s no code to steal, and second, they use a security protocol to verify the website’s domain during login, so they won’t work on fake sites.

You can also add an authenticator app such as Authy to your most important accounts, to use only as a backup. But once you add these secure methods, you should consider removing the text-message code option.

In the rare case that someone snoops your passcode then steals your iPhone, beware: The perpetrator could still make Apple ID account changes using only the passcode, and even remove security keys from your account.

What happens if you lose your key?

The most important rule of security keys is to buy an extra one (or two).

“Think of your security key as you would a house or car key,” said Derek Hanson, Yubico’s vice president of solutions architecture. “It’s always recommended that you have a spare.”

If you lose a security key, remove it from your accounts immediately. You should have already registered your spare or an authenticator app as a backup to use in the meantime.

Where can you use a security key?

Start with your most valuable accounts: Google, Apple, Microsoft, your password manager, your social–media accounts and your government accounts.

When it comes to financial institutions, many banks don’t offer security-key protection as an option, though most leading crypto exchanges do.

What comes after security keys?

Security professionals and tech companies widely agree that passkeys are the future. They’re a new type of software option that combines the high security of a physical key with the convenience of biometrics such as your face or fingerprints. Passkeys are supported across the Android, iOS, Mac and Windows platforms, and some of your favourite sites already let you use them.

You can create a passkey on Facebook in security settings by following the app’s instructions under the security-key option. Dropbox has a similar passkey setup. Once you’re done, you’ll use your face or fingerprint as a second factor, instead of a code or key.

Eventually, physical security keys could be what we keep safe in strong boxes, as backups for our biometric-enabled passkeys. Even then, you’re probably going to want to have spares.



MOST POPULAR

Consumers are going to gravitate toward applications powered by the buzzy new technology, analyst Michael Wolf predicts

Chris Dixon, a partner who led the charge, says he has a ‘very long-term horizon’

Related Stories
Lifestyle
Going warm and fuzzy for the 2024 Pantone Colour of the Year
By KANEBRIDGE NEWS 08/12/2023
Lifestyle
3 Reasons You Should Buy a Stick Vacuum—And 3 Reasons They Suck
By KATE MORGAN 08/12/2023
Lifestyle
The OpenAI Board Member Who Clashed With Sam Altman Shares Her Side
By MEGHAN BOBROWSKY 08/12/2023
Going warm and fuzzy for the 2024 Pantone Colour of the Year

Prepare yourself for the year of the peach

By KANEBRIDGE NEWS
Fri, Dec 8, 2023 2 min

Pantone has released its 2024 Colour of the Year — and it’s warm and fuzzy.

Peach Fuzz has been named as the colour to sum up the year ahead, chosen to imbue a sense of “kindness and tenderness, communicating a message of caring and sharing, community and collaboration” said vice president of the Pantone Color Institute, Laurie Pressman.

“A warm and cosy shade highlighting our desire for togetherness with others or for enjoying a moment of stillness and the feeling of sanctuary this creates, PANTONE 13-1023 Peach Fuzz presents a fresh approach to a new softness,” she said.

Pantone Colour of the Year is often a reflection of world mood and events

The choice of a soft pastel will come as little surprise to those who follow the Pantone releases, which are often a reflection of world affairs and community mood. Typically, when economies are buoyant and international security is assured, colours tend to the bolder spectrum. Given the ongoing war in Ukraine, the Israeli-Gaza conflict and talk of recession in many countries, the choice of a softer, more reassuring colour is predictable. 

“At a time of turmoil in many aspects of our lives, our need for nurturing, empathy and compassion grows ever stronger as does our imaginings of a more peaceful future,” she said. “We are reminded that a vital part of living a full life is having the good health, stamina, and strength to enjoy it.”

The colour also reflects a desire to turn inward and exercise self care in an increasingly frenetic world.

“As we navigate the present and build toward a new world, we are reevaluating what is important,” she said. “Reframing how we want to live, we are expressing ourselves with greater intentionality and consideration. 

“Recalibrating our priorities to align with our internal values, we are focusing on health and wellbeing, both mental and physical, and cherishing what’s special — the warmth and comfort of spending time with friends and family, or simply taking a moment of time to ourselves.”

Each year since 2000, Pantone has released a colour of the year as a trendsetting tool for marketers and branding agents. It is widely taken up in the fashion and interior design industries, influencing collections across the spectrum. 

MOST POPULAR

Consumers are going to gravitate toward applications powered by the buzzy new technology, analyst Michael Wolf predicts

Chris Dixon, a partner who led the charge, says he has a ‘very long-term horizon’

Related Stories
Money
Why Is Everyone So Unhappy at Work Right Now?
By VANESSA FUHRMANS 29/11/2023
Money
Binance Founder Changpeng Zhao Agrees to Step Down, Plead Guilty
By DAVE MICHAELS 22/11/2023
Money
Why No One Wants to Pay for the Green Transition
By GREG IP 02/12/2023
0
    Your Cart
    Your cart is emptyReturn to Shop