As we have discussed here in the past, keeping track of usernames, passwords, and two-factor authentication codes for all your online services can be quite the juggling act. A potential solution would be to start using a USB-based security key instead. Google recently reported that none of its 85,000 employees have fallen victim to a phishing attack since they began using security keys in early 2017, and you can take advantage of the same technology in your business today.
What Is a Security Key?
Security keys are small USB devices that serve as the physical verification that you are the authorized user of an online account credential. These keys can be added to a wide variety of online services and are supported in all major web browsers, except Microsoft Edge (their support is coming soon). Once added, you no longer receive a text message or a code online to validate, you simply insert the key into your computer and press a button.
Why Is This Safer?
Security keys serve as another type of multi-factor authentication (MFA). MFA requires someone to possess something you know (a password) and something you have (a key) to gain access to a site.
This protects against nearly all type of password leaks and phishing attempts because no user of stolen credentials can log in, reset a password, or otherwise tamper with data without all gaining physical access to your key.
How Do I Get One?
- Yubiko (https://www.yubico.com/) is a trusted provider of these keys and offers a variety of types that should work in any environment. Their best-selling version can be found online for about $20.
- Google is now also offering its own keys (https://cloud.google.com/security-key/). For now, these are only available to Google Cloud subscribers, but they are coming soon to the public.
EVAN is more than just a great source of technology information; we have Master Certified Professionals waiting to meet your IT needs right now.