In a world of bad passwords, a security key could be your new best friend
I have bad news for you, if your password is weak, you're probably going to get hacked, but what if I told you there was a key to out-smarting hackers?
Like, a literal key.
It's called a Security Key and it could be the answer to securing your entire online life.
And if you're not using one, you could be leaving yourself wide open.
So why do you need a physical key for the online world?
Well, turns out, passwords, kind of suck.
Firstly, they can be easily broken.
I'm looking at you, Password 123.
And even if you don't use a weak password, Chances are you share it across accounts.
In fact, according to last pass, the average person has 85 online accounts.
All of those should have separate passwords, but chances are you probably reusing passwords across accounts.
And if a hacker gets one password Suddenly they get access to a bunch of your accounts.
This is called credential stuffing, where hackers test one password on every website they can think of.
Maybe they want to access your online banking.
Maybe they want to take three rides on your Uber account.
Maybe they want to steal your entire Tired identity, who knows, but suddenly one password has unlocked a lot more than you counted on.
So that's where two factor authentication comes in.
The idea behind two factor is pretty simple.
You use something you know your password with something.
You have your phone That means the first time you log in from a new device, you'll need your password.
But you'll also need a code which is either generated in an app on your phone like Google Authenticator, or it's sent to you via text.
Well, not well, it's more secure than just a password.
Getting a code texted to your phone isn't actually the best option.
It's surprisingly easy for someone to remotely steal your phone number and move it to a new device.
It's called SIM swapping even though they're not physically swapping your SIMs, and it's a method hackers use to get around two-factor authentication.
Okay, so what about authenticator apps?
Well, these apps like Google Authenticator generate a code that's tied to your physical phone, not your phone number, and you can use them for most of your major online accounts.
But still, the process is Isn't entirely foolproof.
One way hackers can get around these apps is by creating a website that looks a hell of a lot like the usual website you log into.
When it comes time to put in that two factor code, they can steal it through the fake website and access your accounts.
Yes, it's pretty rare but if it happens to you, you're in trouble.
Which is why you need a security key.
A security key is a physical key that can't be bypassed or hacked.
And even if someone does literally steal your key, they still need to know your account name and a password to use it.
And that's going to be pretty hard for some hackers sitting in a basement on the other side of the world to come and mug you and steal your security.
Plus, it's easy to use.
When you log into a new device, you enter your password as usual, but instead of getting a code via text or an app, you just pop this key into the USB port and press the button.
Or if you're on your phone, some newer keys can connect wirelessly via NFC or Bluetooth.
These keys use an open standard called Fido short for fast identity on line.
It handles the connection between the security and your laptop or phone.
No codes required.
YubiKeys come in all sizes, with USB A,USB C, Lightning and wireless connections.
They're available from brands like Google, Faces and Yubico and prices range from $20 for a basic Key to $70 which will get you features like dual connectors So you could try remembering 400 different passwords or just hope that you don't get hacked or you could pay a bit of money for a bit of peace of mind.
Considering how much of our lives are online these days, it's probably worth the spend.
Which VPN should you pick?
Crypto wallets explained
Here's how the pandemic is changing how we shop online
Video game industry targeted by Chinese hackers
CISA director: Paper record key to keeping 2020 election secure
Blackhat 2020: Tech community must help secure elections
Prepare for a 'new national surveillance system' in order to...
Here's how scammers are using the coronavirus to cash in
You're doing passwords wrong, stupid (The Daily Charge, 3/11/2020)
Are passwords dead? Let's talk about the future of authentication