The Password Is Not Dead Yet. You Need a Hardware Key



In August, the internet infrastructure company Cloudflare was one of hundreds of targets in a massive criminal phishing campaign that succeeded in breaching many tech companies. Although some Cloudflare employees were fooled by the phishing messages, the attackers couldn’t drill deeper into the company’s systems. This is because, as part of Cloudflare’s security controls, every employee must use a physical security key to prove their identity when logging in to all applications. Weeks later, the company announced that it had partnered with hardware authentication token maker UBK to offer discounted keys to customers.

However, Cloudflare is not the only company embracing hardware tokens. Earlier this month, Apple announced hardware key support for Apple IDs, seven years after it first released two-factor authentication for user accounts. Two weeks ago, the Vivaldi browser announced hardware key support for Android.

This protection isn’t new, and many major platforms and companies have for years supported hardware key adoption and required employees to use the keys, as Cloudflare did. But this latest wave of interest and deployment comes in response to a growing array of digital threats.

“Physical authentication keys are some of the most effective methods today against account takeover and phishing,” says Crane Hassold, director of threat intelligence at Extraordinary Security and a former digital behavior analyst at the FBI. “If you think of it as a hierarchy, physical tokens are more useful than authentication apps, which are better than SMS verification, which are more useful than email verification.”

Hardware authentication is more secure because you have to physically possess the key and produce it. This means that a phisher online cannot simply trick someone into handing over their password, or even a password plus a second-factor code, to break into a digital account. You already know this intuitively, because it’s the whole premise of a door key. Someone needs your key to open your front door, and if you lose your key, it’s usually not the end of the world, because someone who finds it won’t know which door it opens. For digital accounts, there are different types of hardware keys based on the standards of a technology industry association called the FIDO Alliance, including smart cards with a small circuit chip, tap cards or fobs, or things like Yubikeys that plug into a port on your device.

You may have dozens or even hundreds of digital accounts, and even if they all supported hardware tokens, it would be difficult to manage physical keys for all of them. But for your most valuable accounts and those that serve as a backup for other logins (namely, your email), the security and phishing resistance of hardware keys can mean significant peace of mind.

Meanwhile, after years of work, the tech industry finally took major steps toward a long-promised password-free future in 2022. The move rides on a technology called “passkeys,” which is built on the FIDO standards. Operating systems from Apple, Google, and Microsoft now support the technology, and many other platforms, browsers, and services have adopted it or are in the process of doing so. The aim is to make it easier for users to manage their digital account authentication, so they don’t resort to insecure solutions like weak passwords. As much as you might wish otherwise, passwords aren’t going away anytime soon, thanks to their sheer ubiquity. And despite all the hype about passkeys, hardware tokens are still an important security option.

“FIDO bridges the gap between passwords and hardware-based FIDO authenticators, and I think that’s a reasonable characterization,” says Jim Fenton, an independent identity, privacy, and security consultant. “While passkeys may be the right answer for many consumer applications, I think hardware-based authentication will continue to contribute to high-security applications such as employees in financial institutions. And security-focused consumers should have the option to use hardware-based authentication, especially if their data has been previously breached or if they are concerned about security.”

While adding one more best practice to your digital security to-do list may seem difficult at first, setting up hardware tokens is actually easy. You’ll get plenty of mileage out of using them on your important accounts.

