While it may seem like the button on the YubiKey is a biometric one, it's actually just checking if a human being is pressing the button, rather than some malicious software. One thing that's missing from YubiKeys that some might find important is a fingerprint scanner. However, this isn't just an issue with the YubiKey 5. However, many mobile apps force you to insert your passwords in an app instead of a browser, and that can cause some issues. It's easy to use the key on a desktop browser, and it works pretty well in a mobile browser, too. Problems with using the key on mobile devices come down to how apps and browsers function on mobile. The higher price makes sense given the larger number of included features. The only real downsides to the YubiKey 5 are its price and that it can be somewhat finicky to use on mobile. You can write in only a fraction of a 32-character password when in a text box and have the YubiKey do the rest of the work for you. With the YubiKey 5, you could send an encrypted email through ProtonMail using PGP, but rather than relying on a public key, you can use the hardware key instead. Besides that, it has an interesting 'static password' feature that essentially functions as an auto-complete when touching the button on the YubiKey 5. This key is both crush-resistant and water-resistant, too, so it won't be easily broken. Beyond that, there are also some more advanced features that you can access by using the app, such as OpenPGP, a secure signature for authenticating communications, and an advanced form of a one-time password. In exchange for less advanced protocol support, you get the key cheaper, and that's a fair trade-off for most. Granted, most people are unlikely to need these features, as the FIDO protocols will cover the most popular sites. The only real downside is that it doesn't have the broader support of other security keys on this list.
It's relatively easy to double-check what it works with before jumping in by checking a database or Googling if the website or service you want to use supports them. In terms of protocol support, it can handle FIDO U2F and FIDO2, both of which are supported by Google, Twitter, and Microsoft, and a variety of password managers. There is even a USB-C version for those who need it. It doesn't cost too much, it works with both PCs and mobile devices through NFC, and it supports most MFA systems. The Yubico Security Key NFC manages to balance all the important bits when it comes to a security key. If you don't need OTPs or encrypted emails, then a key that uses FIDO2 is most likely going to cover 90%-100% of the stuff you need it for. There's also OpenPGP, which encrypts emails and only allows you to decrypt them if you have the correct OpenPGP key, adding another layer to secure emails. As for what to choose exactly, that depends on your needs. Then there are additional features that a hardware security key can provide, such as One-Time Passwords (OTP) through a protocol called OATH TOTP or Yubico OTP. Backward compatibility is a good thing to have. There's also FIDO U2F, an earlier version of FIDO2, and most devices that support FIDO2 usually also support FIDO U2F. Related: U2F Explained: How Google and Other Companies Are Creating a Universal Security Token. Currently, the most popular form of authentication is called FIDO2 and is almost universally supported. For example, if you plan to secure your Twitter, Google, and Facebook accounts, you'll need one that is compatible with them. So what should you look for when picking a hardware security key? Primarily, you want a key that supports the same protocols that your accounts use. Of course, they can be stolen, but some keys have biometrics in them or require another PIN, making it a true MFA key so that even if it's stolen, people can't hack into your accounts.
Where physical security keys shine is that they don't have the issues stated above regarding interception or breaking in. Using Multi-Factor Authentication, or MFA for short, means using more than just one authentication vector, so 2FA is part of MFA. These solutions can have problems though, especially since SMS messages can be intercepted through SIM-swapping attacks, emails can be broken into with social engineering, and authenticator apps lose their value if your phone is stolen or you forget it somewhere. You can receive this code either through an SMS message, an email, or an authenticator app. Typically, 2FA involves receiving a code you have to insert after you enter your password correctly. If you've been on the internet, then you've probably heard of two-factor authentication, usually abbreviated as 2FA. What to Look for in a Hardware Security Key in 2023