The Strongest Protection for Your Online Accounts? This Little Key
Passwords aren’t enough to fend off hackers; these dongles are the best defense
Strong passwords are very important, but they’re not enough to protect you from cybercriminals.
Passwords can be leaked or guessed. The key to online security is protecting your account with a strong secondary measure, typically a single-use code. This is referred to as “two-factor authentication,” or 2FA, as the nerds know it.
I’ve written about all the different types of 2FA, such as getting those codes sent via text message or generated in an authenticator app. Having any kind of second factor is better than none at all, but physical security keys—little dongles that you plug into a USB port or tap on your phone during account logins—offer the highest level of protection.
Security keys have been around for over a decade, but now they’re in the spotlight: Apple recently introduced support for them as an optional, added protection for Apple ID accounts. Last month, Twitter removed text-message-based authentication as an option for nonpaying users, recommending instead an authenticator app or security key.
Some people are hesitant to use security keys because carrying around a physical object seems burdensome and they come with a $30-and-up added cost. Plus, what happens if they get lost?
I’ve used security keys since 2016 and think they are actually easier to manage than codes—especially with accounts that don’t require frequent logins. They’re not only convenient, but they can’t be copied or faked by hackers, so they’re safer, too.
Here’s how to weigh the benefits and common concerns of adding one or two of these to your keychain.
Many internet services support the use of security keys, and you can use the same security key to unlock accounts on many different services. I recommend two from industry leader Yubico:
Other options include Google’s Titan security keys ($30 and up). In addition to working with laptops and tablets with USB ports, these keys are compatible with smartphones that have NFC wireless. Most smartphones these days have that, since it’s the technology behind wireless payments such as Apple Pay.
Adam Marrè, chief information security officer at cybersecurity firm Arctic Wolf, recommends that your chosen key be certified by the FIDO Alliance, which governs the standards of these devices.
To add a key, look in the security settings of your major accounts (Facebook, Twitter, Google, etc.). During setup, it will prompt you to insert the key into your laptop or tablet’s port or hold the key close to your phone for wireless contact.
Apple requires you to add two security keys to your Apple ID account, in case you lose one.
Typically, when you log in, you just go to the app or website where you’ve set up a key, enter your username and password as usual, then once again insert the key into the device or hold it close. (Some keys have a metal tab you have to press to activate.) At that point, the service should let you right in.
Getting those two-factor login codes via text message is convenient, but if you are someone criminals are targeting, you could be the victim of SIM swapping. That’s where thieves convince carriers to port your number to a new phone in their possession, and they use it along with your stolen password to hack your accounts.
Even if they don’t go to all that trouble, criminals might try to trick you into handing them your codes, by calling you or spoofing a website you typically visit. At that point they can use the code for about 60 seconds to try to break in, said Ryan Noon, chief executive at security firm Material Security.
Security keys protect you in two ways: First, there’s no code to steal, and second, they use a security protocol to verify the website’s domain during login, so they won’t work on fake sites.
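A simplified sketch of the server-side checks behind that domain verification, modelled on WebAuthn, the FIDO standard browsers use for security keys (an added example, not from the original article). The domains are assumed placeholders, the login response is constructed rather than captured from a real key, and signature verification, which keeps these fields from being altered, is left out.

```python
import base64, hashlib, json, os

RP_ID = "example.com"                    # assumed ID of the real service
EXPECTED_ORIGIN = "https://example.com"  # assumed legitimate login origin

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what browser + key return for a login on `origin`."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,                # written by the browser, not by the page
    }).encode()
    flags = bytes([0x01])                # bit 0 set: user touched the key
    counter = (1).to_bytes(4, "big")     # signature counter
    # Authenticator data starts with SHA-256 of the RP ID the key was asked about.
    auth_data = hashlib.sha256(rp_id.encode()).digest() + flags + counter
    return client_data, auth_data

def verify(client_data: bytes, auth_data: bytes, issued_challenge: bytes) -> list:
    """Return the names of failed checks; an empty list means every binding holds."""
    errors = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        errors.append("type")
    if cd.get("challenge") != b64url(issued_challenge):
        errors.append("challenge")
    if cd.get("origin") != EXPECTED_ORIGIN:
        errors.append("origin")
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rpIdHash")
    if len(auth_data) < 37 or not (auth_data[32] & 0x01):
        errors.append("userPresent")
    return errors

def demo():
    challenge = os.urandom(32)           # fresh per login, issued by the real site
    legit = verify(*browser_assertion(EXPECTED_ORIGIN, RP_ID, challenge), challenge)
    # Look-alike site forwarding the same challenge: the browser still reports
    # the look-alike origin, and the key is scoped to the look-alike RP ID.
    fake = verify(*browser_assertion("https://examp1e-login.test",
                                     "examp1e-login.test", challenge), challenge)
    return legit, fake

if __name__ == "__main__":
    print(demo())
```

The forwarded challenge still matches, but the origin and RP ID hash do not, which is why a response collected on a fake site is useless against the real one.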
You can also add an authenticator app such as Authy to your most important accounts, to use only as a backup. But once you add these secure methods, you should consider removing the text-message code option.
In the rare case that someone snoops your passcode then steals your iPhone, beware: The perpetrator could still make Apple ID account changes using only the passcode, and even remove security keys from your account.
The most important rule of security keys is to buy an extra one (or two).
“Think of your security key as you would a house or car key,” said Derek Hanson, Yubico’s vice president of solutions architecture. “It’s always recommended that you have a spare.”
If you lose a security key, remove it from your accounts immediately. You should have already registered your spare or an authenticator app as a backup to use in the meantime.
Start with your most valuable accounts: Google, Apple, Microsoft, your password manager, your social-media accounts and your government accounts.
When it comes to financial institutions, many banks don’t offer security-key protection as an option, though most leading crypto exchanges do.
Security professionals and tech companies widely agree that passkeys are the future. They’re a new type of software option that combines the high security of a physical key with the convenience of biometrics such as your face or fingerprints. Passkeys are supported across the Android, iOS, Mac and Windows platforms, and some of your favourite sites already let you use them.
You can create a passkey on Facebook in security settings by following the app’s instructions under the security-key option. Dropbox has a similar passkey setup. Once you’re done, you’ll use your face or fingerprint as a second factor, instead of a code or key.
Eventually, physical security keys could be what we keep safe in strong boxes, as backups for our biometric-enabled passkeys. Even then, you’re probably going to want to have spares.
Competitive pressure and creativity have made Chinese-designed and -built electric cars formidable competitors
China rocked the auto world twice this year. First, its electric vehicles stunned Western rivals at the Shanghai auto show with their quality, features and price. Then came reports that in the first quarter of 2023 it dethroned Japan as the world’s largest auto exporter.
How is China in contention to lead the world’s most lucrative and prestigious consumer goods market, one long dominated by American, European, Japanese and South Korean nameplates? The answer is a unique combination of industrial policy, protectionism and homegrown competitive dynamism. Western policy makers and business leaders are better prepared for the first two than the third.
Start with industrial policy—the use of government resources to help favoured sectors. China has practiced industrial policy for decades. While it’s finding increased favour even in the U.S., the concept remains controversial. Governments have a poor record of identifying winning technologies and often end up subsidising inferior and wasteful capacity, including in China.
But in the case of EVs, Chinese industrial policy had a couple of things going for it. First, governments around the world saw climate change as an enduring threat that would require decade-long interventions to transition away from fossil fuels. China bet correctly that in transportation, the transition would favour electric vehicles.
In 2009, China started handing out generous subsidies to buyers of EVs. Public procurement of taxis and buses was targeted to electric vehicles, rechargers were subsidised, and provincial governments stumped up capital for lithium mining and refining for EV batteries. In 2020 NIO, at the time an aspiring challenger to Tesla, avoided bankruptcy thanks to a government-led bailout.
While industrial policy guaranteed a demand for EVs, protectionism ensured those EVs would be made in China, by Chinese companies. To qualify for subsidies, cars had to be domestically made, although foreign brands did qualify. They also had to have batteries made by Chinese companies, giving Chinese national champions like Contemporary Amperex Technology and BYD an advantage over then-market leaders from Japan and South Korea.
To sell in China, foreign automakers had to abide by conditions intended to upgrade the local industry’s skills. State-owned Guangzhou Automobile Group developed the manufacturing know-how necessary to become a player in EVs thanks to joint ventures with Toyota and Honda, said Gregor Sebastian, an analyst at Germany’s Mercator Institute for China Studies.
Despite all that government support, sales of EVs remained weak until 2019, when China let Tesla open a wholly owned factory in Shanghai. “It took this catalyst…to boost interest and increase the level of competitiveness of the local Chinese makers,” said Tu Le, managing director of Sino Auto Insights, a research service specialising in the Chinese auto industry.
Back in 2011 Pony Ma, the founder of Tencent, explained what set Chinese capitalism apart from its American counterpart. “In America, when you bring an idea to market you usually have several months before competition pops up, allowing you to capture significant market share,” he said, according to Fast Company, a technology magazine. “In China, you can have hundreds of competitors within the first hours of going live. Ideas are not important in China—execution is.”
Thanks to that competition and focus on execution, the EV industry went from a niche industrial-policy project to a sprawling ecosystem of predominantly private companies. Much of this happened below the Western radar while China was cut off from the world because of Covid-19 restrictions.
When Western auto executives flew in for April’s Shanghai auto show, “they saw a sea of green plates, a sea of Chinese brands,” said Le, referring to the green license plates assigned to clean-energy vehicles in China. “They hear the sounds of the door closing, sit inside and look at the quality of the materials, the fabric or the plastic on the console, that’s the other holy s— moment—they’ve caught up to us.”
Manufacturers of gasoline cars are product-oriented, whereas EV manufacturers, like tech companies, are user-oriented, Le said. Chinese EVs feature at least two, often three, display screens, one suitable for watching movies from the back seat, multiple lidars (laser-based sensors) for driver assistance, and even a microphone for karaoke (quickly copied by Tesla). Meanwhile, Chinese suppliers such as CATL have gone from laggard to leader.
Chinese dominance of EVs isn’t preordained. The low barriers to entry exploited by Chinese brands also open the door to future non-Chinese competitors. Nor does China’s success in EVs necessarily translate to other sectors where industrial policy matters less and creativity, privacy and deeply woven technological capability—such as software, cloud computing and semiconductors—matter more.
Still, the threat to Western auto market share posed by Chinese EVs is one for which Western policy makers have no obvious answer. “You can shut off your own market and to a certain extent that will shield production for your domestic needs,” said Sebastian. “The question really is, what are you going to do for the global south, countries that are still very happily trading with China?”
Western companies themselves are likely to respond by deepening their presence in China—not to sell cars, but for proximity to the most sophisticated customers and suppliers. Jörg Wuttke, the past president of the European Union Chamber of Commerce in China, calls China a “fitness centre.” Even as conditions there become steadily more difficult, Western multinationals “have to be there. It keeps you fit.”