When It comes to protecting your password, SMS based or app-based two factor authentication (2FA) using your smartphone is more secure than depending on just passwords. But sometimes it can be time-consuming to set it up and run. Hardware security keys provide a fast and convenient way to use two factor authentications (2FA) without messing around with your phone. They are based on the FIDO U2F standard, a security protocol that is very difficult to intercept.
Learning how to protect your account passwords is not difficult and the purpose of this guide is to help you to know how to protect your passwords with a Hardware security key by giving you some information about the Hardware Security Key and also some guides to setup two-factor authentication (2FA) for your social media accounts.
What is a Security Key?
Security keys, also known as hardware security keys, are a method of authentication that offers an additional layer of protection. They can be used to login to desktops and be integrated into the sign-in process of many popular websites and apps.
Security keys connect to your device via USB-A, USB-C, Lightning, NFC, and Bluetooth, and they are small enough to be carried on a keychain. Most of them use an open authentication standard, called FIDO U2F (or the improved FIDO2 standard), and some even feature hardware that is designed to resist physical attacks aimed at extracting firmware and material from the key itself.
Hardware security keys are made by various manufacturers and work with the most popular web browsers, as well as hundreds of apps and online services. They can even help you log in to your workstation. Overall, they are not hard to use and are relatively inexpensive. And all other forms of two-factor authentication (SMS texts, authenticator apps, and notifications) do not offer the same security protection standards.
Why Hardware Security key?
Using the same password on multiple sites or picking simple, easily hacked passwords are two of the biggest security risk factors. As cyber thieves get better at spear phishing and social engineering, it is a good time to think about changing your digital security strategy.
Password managers and security keys are both good replacements for passwords. Software-based solutions will work on most laptops, desktops, and mobile phones. These services generate and store secure passwords and manage login credentials and syncing your data across all your devices.
If you are ready to level up your personal security even more, consider a security key. This hardware solution puts an end to phishing attacks and is much more secure than SMS-based two-factor authentication.
Protecting your devices and your accounts is essential for maintaining the security of your privately identifiable data and thus your financial identity. Phishing scams that lure you into offering your private data such as personal details, bank account information or credit card information can be used to access your accounts or create false ones in your name.
The more information you make public online, the more vulnerable you are to such scams, which are often crafted to look almost the same format from your bank or any other organizations. Avoid clicking on links in emails, especially unsolicited emails. And if anyone asks you for your private data online, contact that organization directly by phone to follow up.
How effective is it?
Microsoft says that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks.
The recommendation was not only for Microsoft accounts but also for any other profile, on any other website or online service.
If an application or a website supports multi-factor authentication, Microsoft recommends using it, regardless if it is something as simple as SMS-based one-time passwords, or advanced solutions like using fingerprint recognition.
Microsoft’s boast that using MFA blocks 99.9% of automated account takeover (ATO) attacks is not the first of its kind.
Back in May, Google said that users who added a recovery phone number to their accounts and enabled SMS-based MFA were also improving their account security.
“A research shows that simply adding a recovery phone number to your Google Account can block up to 100% of automated bots, 99% of bulk phishing attacks, and 66% of targeted attacks that occurred during our investigation,” Google said at the time.
When both Google and Microsoft are recommending the same thing, it is probably a good time to start following their advice.
What other advantages are there?
Multi Factor Authentication.
The primary benefit of multi factor authentication is that it provides additional security by adding protection in layers. The more layers/factors in place, the lesser chance that an intruder will be able to gain access to systems that are essential, and data is will not be harm and stolen.
A second benefit of multi factor authentication is being able to achieve the necessary security requirements standards specific to my organization which in turn mitigate any potential fines due to unprotected private data.
No need to memorize passwords
And finally, being able to remove the burden of passwords by replacing them with alternatives has the potential to increase productivity and bring a better experience due to the increased flexibility of not having to type password every time. In the right environment and situation, there could even be an opportunity for a potential reduction in operational costs in terms of support call for passwords recovery.
What accounts can be protected?
Many online accounts, apps, services, and websites support hardware security keys, including Twitter, Facebook, Google, Instagram, GitHub, Dropbox, Electronic Arts, Epic Games, Microsoft account services, Nintendo, Okta, and Reddit. Most web browsers do too, like Google Chrome.
Be sure to do your research – look into whether your most-used online accounts and even whether your devices support security keys before you invest in one. You can use hardware security keys to log into many computers and mobile devices, including Macs, Chromebooks, Windows 10 PCs, and Android and iOS devices. The FIDO2 standard on some security keys can work with Windows Hello and Microsoft’s Edge browser, too.
How to Protect your account passwords with a Hardware Security Key:
All hardware security keys tend to work the same, as we have detailed above, but setting them up varies by app and device. To give you an idea of how to protect your account passwords with Hardware Security Key, we have detailed the exact steps for pairing a security key with Facebook and Google
Using a hardware security key with Facebook
- Log into your Facebook account.
- Click on the drop-down menu icon in the corner and select Settings.
- Now you are at General Account Settings.
- Select the Security and Login” link from the left sidebar.
- Scroll down until you see the section called Two-Factor Authentication.
- Click Edit on the Use two-factor authentication option.
- Click on Get Started to set up a text message or an authentication app.
- Go back to Two-Factor Authentication and scroll down to Add a Backup.
- Select Setup for the Security Key option.
- Enter your Facebook password and click Submit.
- Connect your security key (usually by inserting it in the USB port).
- Tap the key’s button.
- You should get a confirmation pop-up.
PAIRING A KEY TO YOUR GOOGLE ACCOUNT
In order to use a security key with your Google account (or any account), you need to already have two-factor authentication set up.
- Log in to your Google account, and click on your profile icon on the upper right-hand corner. Select “Google Account.”
- On the left-hand menu, click on “Security.” Scroll down until you see “Signing into Google.” Click on the “two-step verification” link. At this point, you may need to sign into your account again.
- Scroll down until you see “Set up alternative second step.” Look for the “Security Key” option and click on “Add Security Key.”
- You will get a box telling you to make sure the key is nearby but not plugged in. Click “Next.”
- Insert your key into your computer port. Tap the button on the key, then click “Allow” once you see the Chrome pop-up asking to read the brand and model of your key.
- Give your key a name.
- Now you have completed! You can come back to your Google account’s two factor authentication page to rename, add, or remove additional keys.
More of our “Be Safe Online” Special Edition:
If you are really looking into adding an extra layers of security protection to your electronic devices, Hardware Security Key is definitely a must have item. Most website or applications that have enabled two-factor authentication (2FA) have guides to show you how to set up the Security key to their applications or websites. It is not very difficult to setup and having a FIDO-powered security keys will allow you to go password-less and you no longer have to memorize your passwords.
Hackers are getting better at stealing accounts by phishing and social engineering. All it takes is just a click away for them. All your private data will be stolen and will be forever be with them.
They have not been able to breach any accounts that is appropriately protected by a good and robust security key. Imagine all the trouble and stress you have to go through to recover your account if a hacker gets control of it. Would the cost of a Security justify the amount of inconvenience?
Let us improve our current security standards by switching over to a Hardware Security Key.
To find out more additional information about YubiKey, please go to our Website at https://dtasiagroup.com.hk/yubikeys/ or if you have any enquire about Yubikey, please contact us and visit our DT Asia HK Facebook at https://www.facebook.com/dtahongkong/ to find out more.