 The Yubikey is a security tool which is used as a secure 2nd Factor for online accounts. Securing accounts with 2FA is always a good idea. Once enabled, your accounts require both a username, password, and a 2nd factor like a one time password (OTP). In the case of a security key, you need to physically insert or tap your yubikey into or against your NFC enabled device. Many people are familiar with using 2FA via an SMS code that is texted to your device. This is a better method than SMS. People who use SMS for one time passwords often find themselves the targets of sim swap attacks. In this scenario, an attacker ports your phone number to their cell phone, and is then able to receive your 2FA codes. With authenticator apps like Google Authenticator or Authy, you eliminate the risk associated with sim swaps but now your phone is the physical key to unlocking your online accounts. For this reason, phones are often the target of thieves, and if your phone is lost or damaged, you may permanently lose access to your accounts secured with the authenticator app on your phone. By using an a physical security key, you can create backup keys and physically separate your 2nd factor from your phone. Using a security key also eliminates the risk of phishing and social engineering because the security key must be inserted into a USB slot or read via NFC (near field communication, the same way you tap to pay). No matter which way you enable 2FA, it's much more secure than not using it at all. An authenticator app like Authy is nearly as secure as using a Yubikey.
Accounts you should consider securing with 2FA include email accounts, social media accounts and financial accounts, and your Apple or Google account. Comments are closed.
|
Archives
April 2023
Categories |
RSS Feed