In a world of bad passwords, a security key could be your new best friend
I have bad news for you, if your password is weak, you're probably going to get hacked, but what if I told you there was a key to out-smarting hackers?
Like, a literal key.
It's called a Security Key and it could be the answer to securing your entire online life.
And if you're not using one, you could be leaving yourself wide open.
So why do you need a physical key for the online world?
Well, turns out, passwords, kind of suck.
Firstly, they can be easily broken.
I'm looking at you, Password 123.
And even if you don't use a weak password, Chances are you share it across accounts.
In fact, according to last pass, the average person has 85 online accounts.
All of those should have separate passwords, but chances are you probably reusing passwords across accounts.
And if a hacker gets one password Suddenly they get access to a bunch of your accounts.
This is called credential stuffing, where hackers test one password on every website they can think of.
Maybe they want to access your online banking.
Maybe they want to take three rides on your Uber account.
Maybe they want to steal your entire Tired identity, who knows, but suddenly one password has unlocked a lot more than you counted on.
So that's where two factor authentication comes in.
The idea behind two factor is pretty simple.
You use something you know your password with something.
You have your phone That means the first time you log in from a new device, you'll need your password.
But you'll also need a code which is either generated in an app on your phone like Google Authenticator, or it's sent to you via text.
Well, not well, it's more secure than just a password.
Getting a code texted to your phone isn't actually the best option.
It's surprisingly easy for someone to remotely steal your phone number and move it to a new device.
It's called SIM swapping even though they're not physically swapping your SIMs, and it's a method hackers use to get around two-factor authentication.
Okay, so what about authenticator apps?
Well, these apps like Google Authenticator generate a code that's tied to your physical phone, not your phone number, and you can use them for most of your major online accounts.
But still, the process is Isn't entirely foolproof.
One way hackers can get around these apps is by creating a website that looks a hell of a lot like the usual website you log into.
When it comes time to put in that two factor code, they can steal it through the fake website and access your accounts.
Yes, it's pretty rare but if it happens to you, you're in trouble.
Which is why you need a security key.
A security key is a physical key that can't be bypassed or hacked.
And even if someone does literally steal your key, they still need to know your account name and a password to use it.
And that's going to be pretty hard for some hackers sitting in a basement on the other side of the world to come and mug you and steal your security.
Plus, it's easy to use.
When you log into a new device, you enter your password as usual, but instead of getting a code via text or an app, you just pop this key into the USB port and press the button.
Or if you're on your phone, some newer keys can connect wirelessly via NFC or Bluetooth.
These keys use an open standard called Fido short for fast identity on line.
It handles the connection between the security and your laptop or phone.
No codes required.
YubiKeys come in all sizes, with USB A,USB C, Lightning and wireless connections.
They're available from brands like Google, Faces and Yubico and prices range from $20 for a basic Key to $70 which will get you features like dual connectors So you could try remembering 400 different passwords or just hope that you don't get hacked or you could pay a bit of money for a bit of peace of mind.
Considering how much of our lives are online these days, it's probably worth the spend.
You're doing passwords wrong, stupid (The Daily Charge, 3/11/2020)
Are passwords dead? Let's talk about the future of authentication
Schools are tracking kids and that raises all kinds of questions...
How schools could use phones to track your kids
Microsoft wants to make voting machines safer from hackers. (The...
This company wants to sell license plate readers for your neighbors...
Let's talk about why privacy settings are a problem
Was Bezos' phone hacked by Saudi crown prince?
Clearview AI's facial recognition goes creepier than most surveillance...
We're back from the future -- CES 2020 (The Daily Charge, 1/21/2020)