The Strongest Protection for Your Online Accounts? This Little Key
Kanebridge News
Share Button

The Strongest Protection for Your Online Accounts? This Little Key

Passwords aren’t enough to fend off hackers; these dongles are the best defense

By NICOLE NGUYEN
Mon, Mar 27, 2023 9:18amGrey Clock 4 min

Strong passwords are very important, but they’re not enough to protect you from cybercriminals.

Passwords can be leaked or guessed. The key to online security is protecting your account with a strong secondary measure, typically a single-use code. This is referred to as “two-factor authentication,” or 2FA, as the nerds know it.

I’ve written about all the different types of 2FA, such as getting those codes sent via text message or generated in an authenticator app. Having any kind of second factor is better than none at all, but physical security keys—little dongles that you plug into a USB port or tap on your phone during account logins—offer the highest level of protection.

Security keys have been around for over a decade, but now they’re in the spotlight: Apple recently introduced support for them as an optional, added protection for Apple ID accounts. Last month, Twitter removed text-message-based authentication as an option for nonpaying users, recommending instead an authenticator app or security key.

Some people are hesitant to use security keys because carrying around a physical object seems burdensome and they come with a $30-and-up added cost. Plus, what happens if they get lost?

I’ve used security keys since 2016 and think they are actually easier to manage than codes—especially with accounts that don’t require frequent logins. They’re not only convenient, but they can’t be copied or faked by hackers, so they’re safer, too.

Here’s how to weigh the benefits and common concerns of adding one or two of these to your keychain.

Which security key should I use?

Many internet services support the use of security keys, and you can use the same security key to unlock accounts on many different services. I recommend two from industry leader Yubico:

  • YubiKey 5C NFC ($US55) if you have a USB-C laptop or tablet
  • YubiKey 5 NFC ($US50) for devices with older USB ports

Other options include Google’s Titan security keys ($30 and up). In addition to working with laptops and tablets with USB ports, these keys are compatible with smartphones that have NFC wireless. Most smartphones these days have that, since it’s the technology behind wireless payments such as Apple Pay.

Adam Marrè, chief information security officer at cybersecurity firm Arctic Wolf, recommends that your chosen key is certified by the FIDO Alliance, which governs the standards of these devices.

How do security keys work?

To add a key, look in the security settings of your major accounts (Facebook, Twitter, Google, etc.). During setup, it will prompt you to insert the key into your laptop or tablet’s port or hold the key close to your phone for wireless contact.

Apple requires you to add two security keys to your Apple ID account, in case you lose one.

Typically, when you log in, you just go to the app or website where you’ve set up a key, enter your username and password as usual, then once again insert the key into the device or hold it close. (Some keys have a metal tab you have to press to activate.) At that point, the service should let you right in.

Why are they so secure?

Getting those two-factor login codes via text message is convenient, but if you are someone criminals are targeting, you could be the victim of SIM swapping. That’s where thieves convince carriers to port your number to a new phone in their possession, and they use it along with your stolen password to hack your accounts.

Even if they don’t go to all that trouble, criminals might try to trick you to hand them your codes, by calling you or spoofing a website you typically visit. At that point they can use the code for about 60 seconds to try to break in, said Ryan Noon, chief executive at security firm Material Security.

Security keys protect you in two ways: First, there’s no code to steal, and second, they use a security protocol to verify the website’s domain during login, so they won’t work on fake sites.

You can also add an authenticator app such as Authy to your most important accounts, to use only as a backup. But once you add these secure methods, you should consider removing the text-message code option.

In the rare case that someone snoops your passcode then steals your iPhone, beware: The perpetrator could still make Apple ID account changes using only the passcode, and even remove security keys from your account.

What happens if you lose your key?

The most important rule of security keys is to buy an extra one (or two).

“Think of your security key as you would a house or car key,” said Derek Hanson, Yubico’s vice president of solutions architecture. “It’s always recommended that you have a spare.”

If you lose a security key, remove it from your accounts immediately. You should have already registered your spare or an authenticator app as a backup to use in the meantime.

Where can you use a security key?

Start with your most valuable accounts: Google, Apple, Microsoft, your password manager, your social–media accounts and your government accounts.

When it comes to financial institutions, many banks don’t offer security-key protection as an option, though most leading crypto exchanges do.

What comes after security keys?

Security professionals and tech companies widely agree that passkeys are the future. They’re a new type of software option that combines the high security of a physical key with the convenience of biometrics such as your face or fingerprints. Passkeys are supported across the Android, iOS, Mac and Windows platforms, and some of your favourite sites already let you use them.

You can create a passkey on Facebook in security settings by following the app’s instructions under the security-key option. Dropbox has a similar passkey setup. Once you’re done, you’ll use your face or fingerprint as a second factor, instead of a code or key.

Eventually, physical security keys could be what we keep safe in strong boxes, as backups for our biometric-enabled passkeys. Even then, you’re probably going to want to have spares.



MOST POPULAR
11 ACRES ROAD, KELLYVILLE, NSW

This stylish family home combines a classic palette and finishes with a flexible floorplan

35 North Street Windsor

Just 55 minutes from Sydney, make this your creative getaway located in the majestic Hawkesbury region.

Related Stories
Lifestyle
EV Home Charging: I Did the Math—and Saved Hundreds of Dollars
By JOANNA STERN 28/03/2024
hybrid v electric
Lifestyle
Hybrid v Electric: what you need to know in 2024
By Josh Bozin 25/03/2024
Lifestyle
Competition: Kanebridge Quarterly supporting the next generation of Australian designers
By KANEBRIDGE NEWS 25/03/2024
EV Home Charging: I Did the Math—and Saved Hundreds of Dollars

High-voltage outlets, smart chargers, money-saving utility programs: what to know about charging EVs at home

By JOANNA STERN
Thu, Mar 28, 2024 4 min

Things I miss about my local gas station:

That’s it. That’s the list. OK, fine, I did enjoy the communal squeegees.

This week marks six months since the grand opening of my home electric-vehicle charging station. Congrats to the whole team! (Me and my electrician.) Located between my garage door and recycling bin, it’s hard to beat for the convenience. And also the price.

If you’ve followed my ad-EV-ntures, you’re aware of my feelings about the hell that is public EV charging , at least before Tesla started sharing its Superchargers with its rivals. Truth is, I rarely go to those public spots. The vast majority of EV owners—83%—regularly charge at home, according to data-analytics company J.D. Power.

I already discovered many EV virtues , but I didn’t quite grasp the cost savings until I tallied up half a year of home-charging data. In that time, I spent roughly $125 on electricity to drive just under 2,500 miles. In my old car, that would have cost me more than twice as much—assuming gas held steady at around $3.25 a gallon . And I was charging through the winter, when electricity doesn’t stretch as far in an EV.

Rebates and programs from my state and utility company sweeten the deal. So I will be able to take advantage of discounted electricity, and offset the cost of my charger. The same may be available to you.

But first, there are technical things to figure out. A 240-volt plug? Kilowatt-hours? Peak and off-peak charging? While other people are in their garages founding world-altering tech companies or hit rock bands, I’m in there finding answers to your home-charging questions.

How to get set up

Sure, you can plug your car into a regular 120-volt wall outlet. (Some cars come with a cable.) And sure, you can also simultaneously watch all of Netflix while it charges. It would take more than two days to fill my Ford Mustang Mach-E’s 290-mile battery via standard plug, known as Level 1 charging.

That’s why you want Level 2, which can charge you up overnight. It requires two components:

• A 240-volt electric outlet. Good news: You might already have one of these higher-powered outlets in your house. Some laundry dryers and other appliances require them. Bad news: It might not be in your garage—assuming you even have a garage. I realise not everybody does.

Since my suburban New Jersey home has an attached garage, the install process wasn’t horrible—or at least that’s what my electrician said. He ran a wire from the breaker panel in the basement to the garage and installed a new box with a NEMA 14-50 outlet. People with older homes or detached garages might face trickier wiring issues—more of a “Finding NEMA” adventure. (I apologise to everyone for that joke.)

My installation cost about $1,000 but the pricing can vary widely.

• A smart charger. Choosing a wall charger for your car is not like choosing one for your phone. These mini computers help you control when to start and stop charging, calculate pricing and more.

“This is not something where you just go to Amazon and sort for lowest to highest price,” said Tom Moloughney, the biggest EV-charging nerd I know. On his website and “State of Charge” YouTube channel , Moloughney has reviewed over 100 home chargers. In addition to technical measurements, he does things like freezing the cords, to see if they can withstand wintry conditions.

“Imagine you are fighting with this frozen garden hose every time you want to charge,” he said.

One of his top picks, the ChargePoint Home Flex , was the same one my dad had bought. So I shelled out about $550 for it.

Just remember, if you want to make use of a charger’s advanced features—remote controls, charging updates, etc.—you’ll also need strong Wi-Fi in your garage.

How to save money

I hear all you money-minded WSJ readers: That’s at least $1,600 after getting the car. How the heck is this saving money? I assumed I’d recoup the charging-equipment investment over time, but then I found ways to get cash back even sooner.

My utility provider, PSE&G, says it will cover up to $1,500 on eligible home-charger installation costs . I just need to submit some paperwork for the rebate. In addition, New Jersey offers a $250 rebate on eligible charger purchases. (Phew! My ChargePoint is on the list.) If all is approved, I’d get back around $1,250. Fingers crossed!

I didn’t know about these programs until I started reporting on this. Nearly half of home-charging EV owners say they, too, are unaware of the programs offered by their electric utility, according to a 2024 study released by J.D. Power . So yes, it’s good to check with your provider. Kelley Blue Book also offers a handy state-by-state breakdown.

How to charge

Now I just plug in, right? Kinda. Even if you have a Level 2 charger, factors affect how many hours a fill-up will take, from the amperage in the wall to the current charge of your battery. Take Lionel Richie’s advice and plan on charging all night long .

It can also save you money to charge during off-peak hours.

Electricity costs are measured in kilowatt-hours. On my basic residential plan, PSE&G charges 18 cents per kWh—just 2 cents above the 2023 national average . My Mustang Mach-E’s 290-mile extended-range battery holds 91 kilowatt-hours.

Translation: A “full tank” costs $16. For most gas-powered cars, that wouldn’t cover half a tank.

And If I’m approved for PSE&G’s residential smart-charging plan, my off-peak charging (10 p.m. to 6 a.m. and weekends) will be discounted by up to 10.5 cents/kWh that I’ll get as a credit the following month. I can set specific charging times in the ChargePoint app.

Electricity prices fluctuate state to state but every expert I spoke to said no matter where in the country you live, home charging should cost less than half what gas would for the same mileage. (See chart above for a cost comparison of electric versus gas.) And as I’ve previously explained , fast charging at public stations will cost much more.

One big question: Am I actually doing anything for the environment if I’m just taxing the grid? Eventually, I’d like to offset the grid dependence—and cost—by powering my fancy little station with solar panels. Then, I’ll just be missing the squeegee.

MOST POPULAR
35 North Street Windsor

Just 55 minutes from Sydney, make this your creative getaway located in the majestic Hawkesbury region.

Consumers are going to gravitate toward applications powered by the buzzy new technology, analyst Michael Wolf predicts

Related Stories
Property
The new east coast capital outranking Melbourne for property values
By Bronwyn Allen 11/01/2024
Money
I’m a Supercommuter. Here’s What It’s Really Like.
By CHIP CUTTER 09/01/2024
Property
Concrete Is One of the World’s Worst Pollutants. Making It Green Is a Booming Business.
By KONRAD PUTZIER 13/03/2024
0
    Your Cart
    Your cart is emptyReturn to Shop