Some of us still remember the hacker attack on PlayStation Network servers. In 2011, one of the largest attacks of this type in history occurred: it is estimated that 77 million accounts have been hacked. The stolen user data included payment card numbers or addresses provided by users when setting up the account. And although attacks on this scale are rare, we are increasingly vulnerable to online crime. The theft of sensitive data, passwords, or the takeover of a Facebook account are common problems for people living in the 21st century.
A password for any website is no longer a good security measure. Even if we use special characters, uppercase and lowercase letters in the account creation process, we cannot be sure that it will not be broken. When logging in, we still type the same string, and this process leaves a trail on the network. So it may happen that the world’s best password invented by us will be cracked by a hacker who will gain access to all information about us – from holiday photos, through sensitive customer data to our card numbers. None of us wants to wake up in the morning and discover that our Facebook profile has been taken over by a criminal. However, there is a simple way that allows you to secure the login process against potential hacker attacks. Security keys, do you know what they are?
U2F security keys – what exactly are they?
Google as well as hundreds of other websites and services offer their users two-step verification options when logging in to individual servers. This type of login requires two actions: first, enter your login and password, and then confirm the login using an external token. The token can be a very popular SMS password, sent to our phone number (not a very secure option, easily subject to attack). A better alternative are U2F keys. The use of security keys will be useful to everyone in everyday life, although it is recommended primarily to professional groups particularly vulnerable to online attacks (these are, among others, journalists, activists, politicians). Two-step verification combined with the use of security keys will help us effectively protect against phishing and other hacker attacks.
Most of us would faster associate the name “U2F security key” with NASA’s complex space technology than with a common office work tool. The enigmatic name, however, is not fully adequate to the item that easily fits in our pocket. The security key looks like a USB flash drive. This is a small device that effectively (and quickly!) helps you protect yourself against online attacks. You can easily buy keys on the internet, but remember to choose a reputable store.
The U2F keys are also easy to use and, contrary to the complicated name, will not complicate your daily live in any way. There is even a chance that a U2F key will speed up things – thanks to this small device you do not have to wait for and then type in long SMS codes every time you log in. The credentials are served automatically when you press the button on the token. It really couldn’t be easier (or safer).
There are keys on the market that support different methods of communication and authentication. We can buy tokens that work with laptops or mobile devices (yes, we can easily connect them to our smartphones using NFC). The keys work offline: we don’t need internet connection to generate passwords.
Advantages of using U2F keys
Since we already know what security keys are, it is worth considering the advantages of using them. Sure, many of them are obvious and automatically come to mind, but some of them are worth pointing out and discussing separately. There are many benefits of using security keys:
- Security – the most obvious and important of all advantages of having a U2F key. The use of a security key in combination with two-step verification will protect us against phishing, session interception or data theft. In addition, the key will not work when logging into a fake domain.
- Ease of use – the key is very handy and small, so you can always have it on you on a keychain. The use of it will also not be a problem: just insert it via a USB port to your computer and generate a password by pressing the button.
The keys do not store data, so even if you lose a token somewhere, nothing will happen, your data will still be safe – just buy a new key.
- They allow you to keep your privacy –thanks to the use of keys, you have full control over our online identity. You have all passwords and codes under control, you can also be sure that you will log in only to original and authorized websites.
- Wide selection of options – there are different types of keys available on the market. Thanks to that you will definitely be able to choose a product fully adapted to your needs. Tokens are designed to support many authentication methods and different communication methods (USB and NFC).
- Price variety – we know that the security of data is priceless. However, buying a U2F key will not strain your wallet. Yubikey, the most popular key manufacturer on the market, are sells devices for around 45 USD. That’s a small price for good night sleep, protection, and password security, right?
- Internet identity protection – Internet identity is nothing more than data that you, as a user of portals and websites, share and leave during everyday activities. It depends on you whether you will appear under the full name or nickname. The use of security keys will help you consciously manage the data you share on the web.
U2F keys are a trending method of protecting yourself against online identity attacks and theft. The keys work with most popular portals and websites, such as Google Workspace, Dropbox, GitHub or Facebook. Contact an FOTC specialist to get the best price of U2F devices for your employees.