The password is not dead yet. You need a hardware key

In August, the Internet infrastructure company Cloudflare is one of hundreds of targets in a major criminal scam that has successfully compromised multiple tech companies. While some Cloudflare employees were tricked by phishing messages, the attackers couldn’t dig any deeper into the company’s system. That’s because, as part of Cloudflare’s security controls, every employee must use a physical security key to prove their identity when logging into all applications. A few weeks later, the company announced partnered with hardware validation token maker Yubikey to offer discounted keys to Cloudflare customers.

However, Cloudflare is not the only company that appreciates the security protection of hardware tokens. Earlier this month, Apple hardware key support announced for Apple IDs, seven years after first implementing two-factor authentication on user accounts. And two weeks ago, the Vivaldi . browser announced support hardware keys for Android.

Protections are not new, and many major platforms and companies have for years supported the adoption of hardware locks and required employees to use them as Cloudflare has done. However, this latest increased interest and deployment is in response to an escalating range of digital threats.

“Physical authentication keys are some of the most effective methods available today to protect against,” said Crane Hassold, director of threat intelligence at Abnormal Security and former FBI digital behavior analyst. account hijacking and fraud. “If you think of it as a hierarchy, physical tokens are more efficient than authenticator apps, better than SMS verification, more efficient than email verification.”

Hardware authentication is very secure, because you need to own the key and produce the key. This means that an online scammer cannot simply trick someone into handing over their password or even a password plus a second factor code to break into a digital account. You already know this intuitively, because this is the whole premise of the door key. Someone will need your key to unlock your front door—and if you lose the key, it’s usually not the end of the world, because the person who finds it won’t know which door it opens. For digital accounts, there are different types of hardware keys built on the standards of a technology industry association called the FIDO Alliance, including smart cards with a small circuit chip on them. , push tags or electronic locks that use near-field communication, or things like Yubikeys that plug into a port on your device.

You may have dozens or even hundreds of digital accounts, and even if they all support hardware tokens, it would be difficult to manage physical keys for all of them. However, for your most valuable accounts, and those that backup for other login attempts—your email in particular—the phishing and security of hardware keys can carry considerable reassurance.

Meanwhile, after years of hard work, the tech industry is finally taking important steps in 2022 towards a long-promised password-free future. The move is on the back of a technology called “password” that is also built to the FIDO standard. The operating systems of Apple, Google, and Microsoft currently support this technology, and many other platforms, browsers, and services have or are in the process of adopting the technology. The goal is to make it easier for users to manage their digital account authentication so they don’t use insecure alternatives like weak passwords. However, as much as you’d like, passwords aren’t going away anytime soon, thanks to their sheer popularity. And amid all the buzz about passwords, hardware tokens are still an important protection option.

“FIDO has positioned the password somewhere between the password and the hardware-based FIDO authenticator, and I think that is a characteristic,” said Jim Fenton, an independent identity privacy and security consultant. reasonable. “While passwords will likely be the correct answer for many consumer applications, I think hardware-based authenticators will continue to play a role in more secure applications, such as for example, for employees at financial institutions. And more security-focused consumers should also have the option of using a hardware-based validator, especially if their data has previously been breached, if they have a high net worth, or if they only care about security.”

While it can feel daunting at first to add another best practice to your digital security to-do list, hardware tokens are really easy to set up. And you’ll get a lot of mileage just by using them on a few, um, Key account.


Goz News: Update the world's latest breaking news online of the day, breaking news, politics, society today, international mainstream news .Updated news 24/7: Entertainment, the World everyday world. Hot news, images, video clips that are updated quickly and reliably.

Related Articles

Back to top button