Phishing attacks — in which hackers trick you into giving them your password while leaving you none-the-wiser — are one of the most effective kinds of cyberattack out there.
Google has settled on an extremely effective solution for protecting its own employees. According to a Google spokesperson, the adoption of physical Security Keys has stopped the attacks in their tracks. Security Keys are small USB stick devices made by YubiKey that function similar to two-factor authentication (2FA) methods you may already be using. With 2FA enabled, you (or hackers) need more than just a username and password for access.
A second factor is required, often a secret number sent to a trusted telephone number by SMS, or a key generated by an authentication app like Google Authenticator. These measures help, but they come with their own downsides. SMS messages are far from secure and can be compromised by hackers. Authenticator apps are more secure, but are a hassle.
Physical keys solve both these problems at once: There is no transmitted code to intercept, no phone apps to fumble with, and no numbers to punch in at login. Instead, you pop the Security Key into the device and press a button. Google’s promising results could help these keys gain the momentum for more widespread adoption.
Yubikey’s Security Keys operate on an open-source standard called Universal 2nd Factor (U2F), which is already supported by a number of companies and products such as Google, Dropbox, and Facebook, as well as browsers like Google Chrome, Firefox, and Opera.
Until this standard or one like it is supported near universally, Security Keys will remain a tool for early adopters and organizations particularly worried about security – a physical key seems a good bet at keeping yourself safe.
Adapted from an article on popularmechanics.com
Frankenstein Computers has been taking care of our happy clients since 1999. We specialize in IT Support, IT Service, MAC repair, PC Repair, Virus Removal, web design and much more. Give us a call for remote support or drop in to drop off.