The Strongest Protection for Your Online Accounts? This Little Key
Passwords aren’t enough to fend off hackers; these dongles are the best defense
4 min
Strong passwords are very important, but they’re not enough to protect you from cybercriminals.
Passwords can be leaked or guessed. The key to online security is protecting your account with a strong secondary measure, typically a single-use code. This is referred to as “two-factor authentication,” or 2FA, as the nerds know it.
I’ve written about all the different types of 2FA, such as getting those codes sent via text message or generated in an authenticator app. Having any kind of second factor is better than none at all, but physical security keys—little dongles that you plug into a USB port or tap on your phone during account logins—offer the highest level of protection.
Security keys have been around for over a decade, but now they’re in the spotlight: Apple recently introduced support for them as an optional, added protection for Apple ID accounts. Last month, Twitter removed text-message-based authentication as an option for nonpaying users, recommending instead an authenticator app or security key.
Some people are hesitant to use security keys because carrying around a physical object seems burdensome and they come with a $30-and-up added cost. Plus, what happens if they get lost?
I’ve used security keys since 2016 and think they are actually easier to manage than codes—especially with accounts that don’t require frequent logins. They’re not only convenient, but they can’t be copied or faked by hackers, so they’re safer, too.
Here’s how to weigh the benefits and common concerns of adding one or two of these to your keychain.
Which security key should I use?
Many internet services support the use of security keys, and you can use the same security key to unlock accounts on many different services. I recommend two from industry leader Yubico:
- YubiKey 5C NFC ($US55) if you have a USB-C laptop or tablet
- YubiKey 5 NFC ($US50) for devices with older USB ports
Other options include Google’s Titan security keys ($30 and up). In addition to working with laptops and tablets with USB ports, these keys are compatible with smartphones that have NFC wireless. Most smartphones these days have that, since it’s the technology behind wireless payments such as Apple Pay.
Adam Marrè, chief information security officer at cybersecurity firm Arctic Wolf, recommends that your chosen key is certified by the FIDO Alliance, which governs the standards of these devices.
How do security keys work?
To add a key, look in the security settings of your major accounts (Facebook, Twitter, Google, etc.). During setup, it will prompt you to insert the key into your laptop or tablet’s port or hold the key close to your phone for wireless contact.
Apple requires you to add two security keys to your Apple ID account, in case you lose one.
Typically, when you log in, you just go to the app or website where you’ve set up a key, enter your username and password as usual, then once again insert the key into the device or hold it close. (Some keys have a metal tab you have to press to activate.) At that point, the service should let you right in.
Why are they so secure?
Getting those two-factor login codes via text message is convenient, but if you are someone criminals are targeting, you could be the victim of SIM swapping. That’s where thieves convince carriers to port your number to a new phone in their possession, and they use it along with your stolen password to hack your accounts.
Even if they don’t go to all that trouble, criminals might try to trick you to hand them your codes, by calling you or spoofing a website you typically visit. At that point they can use the code for about 60 seconds to try to break in, said Ryan Noon, chief executive at security firm Material Security.
Security keys protect you in two ways: First, there’s no code to steal, and second, they use a security protocol to verify the website’s domain during login, so they won’t work on fake sites.
You can also add an authenticator app such as Authy to your most important accounts, to use only as a backup. But once you add these secure methods, you should consider removing the text-message code option.
In the rare case that someone snoops your passcode then steals your iPhone, beware: The perpetrator could still make Apple ID account changes using only the passcode, and even remove security keys from your account.
What happens if you lose your key?
The most important rule of security keys is to buy an extra one (or two).
“Think of your security key as you would a house or car key,” said Derek Hanson, Yubico’s vice president of solutions architecture. “It’s always recommended that you have a spare.”
If you lose a security key, remove it from your accounts immediately. You should have already registered your spare or an authenticator app as a backup to use in the meantime.
Where can you use a security key?
Start with your most valuable accounts: Google, Apple, Microsoft, your password manager, your social–media accounts and your government accounts.
When it comes to financial institutions, many banks don’t offer security-key protection as an option, though most leading crypto exchanges do.
What comes after security keys?
Security professionals and tech companies widely agree that passkeys are the future. They’re a new type of software option that combines the high security of a physical key with the convenience of biometrics such as your face or fingerprints. Passkeys are supported across the Android, iOS, Mac and Windows platforms, and some of your favourite sites already let you use them.
You can create a passkey on Facebook in security settings by following the app’s instructions under the security-key option. Dropbox has a similar passkey setup. Once you’re done, you’ll use your face or fingerprint as a second factor, instead of a code or key.
Eventually, physical security keys could be what we keep safe in strong boxes, as backups for our biometric-enabled passkeys. Even then, you’re probably going to want to have spares.
Copyright 2020, Dow Jones & Company, Inc. All Rights Reserved Worldwide. LEARN MORE
Margot Robbie and Jacob Elordi star in an adaptation of the classic novel that respects the romance’s slow burn.
High-end homeowners are choosing to upgrade rather than relocate, investing in bespoke design, premium finishes and long-term lifestyle value.
Margot Robbie and Jacob Elordi star in an adaptation of the classic novel that respects the romance’s slow burn.
3 minThe most 2026 element of the latest screen adaptation of 1847’s hottest novel, “Wuthering Heights,” is the scene in which Heathcliff repeatedly asks the young lady he’s undressing, “Do you want me to stop?” even as she writhes with lust, indicating an affirmative response is unlikely.
Previously understood as a notorious brute even by 19th-century standards, Heathcliff now exhibits signs of having earned perfect grades in today’s campus training modules.
There’s also a reference to septicemia, which is writer-director Emerald Fennell’s perhaps too-technical stab at explaining the nonspecific Victorian disease that afflicts one character.
Mostly, however, Ms. Fennell has done an admirable job of not modernising a dark and moody romance. If most of today’s filmmakers crave hearing, “This is not your mother’s (fill in the blank)” when adapting classic material, this pretty much is your mother’s “Wuthering Heights,” or at least one she will recognise.
Catherine Earnshaw, played with great soapy gusto by Margot Robbie, is still the same judgment-impaired social-climbing drama queen as ever, and Ms. Fennell frequently associates her with a rich, decadent red—the colour of the bordello—to suggest that she has unwisely traded her body for riches.
Ms. Fennell, who won an Oscar for writing the feminist parable “Promising Young Woman,” doesn’t bother suggesting that Catherine is a victim of society’s impossible expectations for women, which allows her to focus on the core story without intrusive mutters of disapproval for 19th-century mores.
The plot is a template for every Harlequin romance about a woman caught between a sexy beast and a languid but wealthy wimp.
Catherine, who lives with her frequently drunken father (Martin Clunes) on a struggling Yorkshire estate called Wuthering Heights, grows up with a wild, apparently orphaned boy adopted by her father after being found hapless in the street.
The boy at first doesn’t even talk, and seems to have no name, so Catherine calls him Heathcliff. As an adult, he is played by Jacob Elordi , an excellent match for Ms. Robbie, both in comeliness and star power.
The pair grow up best friends and even sleep in the same bed. The desperate attraction between them is evident to both, but Catherine has her sights set on a higher-status mate than this mere stable boy.
After much figurative and literal peering over the walls of the posh neighbouring estate, Thrushcross Grange, she twists an ankle and becomes a six-week houseguest of the gentleman who owns it, the wealthy Edgar Linton (Shazad Latif). He lives with his ward, Isabella (Alison Oliver). Heathcliff, in agony, moves away without notice while Catherine marries Edgar.
Ms. Fennell has greatly streamlined the complicated plot of Emily Brontë’s novel, eliminating the framing device, the supernatural element, several peripheral figures and a second generation of characters.
Other adaptations have made similar excisions, and yet the latest version is luxuriantly long, fully half an hour longer than the much-loved 1939 film by William Wyler that starred Merle Oberon, Laurence Olivier and David Niven.
Ms. Fennell is a millennial who might have been expected to make the material slick, hip or at least fast; she has done none of that.
The story is a slow burn, as it should be, an extended sonata of moaning winds, crackling storms, smouldering glances and heaving bosoms. When you’ve got two actors as luminous as Ms. Robbie and Mr. Elordi, you don’t need them to say clever things, and they don’t.
Having simplified matters, Ms. Fennell sloughs off the psychological depth of the novel and instead lavishes attention on the heavy breathing and the decor, exhibiting much interest in the ornate mansion in which the Linton family lives (one room is set aside for ribbons only) and the costumes and accessories with which Ms. Robbie is gloriously draped.
Catherine essentially becomes a character in a Sofia Coppola movie who grows increasingly trapped and anguished in proportion to her cosseting. A slate of songs by Charli XCX captures Catherine’s tragic self-absorption without seeming jarringly modern.
The movie is very much aimed at female viewers, and Heathcliff (whose bare-chested form Ms. Fennell’s camera adoringly takes in) is less robustly drawn than in some previous iterations, driven mainly by carnal lust rather than a more all-encompassing rage.
Olivier’s demonic anger at the world came through clearly, whereas Mr. Elordi’s Heathcliff seems as though he’d be content to simply peel away Catherine from Edgar. And though Nelly (Hong Chau), Catherine’s maid and confidante, plays an essential role in developments, her character remains a bit frustratingly hazy.
Still, in the wake of adaptations such as 2012’s “Anna Karenina,” with Keira Knightley , and 2013’s “The Great Gatsby,” with Leonardo DiCaprio, that were all sizzle and flash, “Wuthering Heights” is a worthy throwback.
Deeply felt longing is its own kind of sizzle.
The pandemic-fuelled love affair with casual footwear is fading, with Bank of America warning the downturn shows no sign of easing.
Powerhouse real estate couple Avi Khan and Kaylea Sayer welcome their daughter while balancing record-breaking careers, proving success and family can grow side by side.
