Let’s talk Security! This is a topic that has become more prevalent over the years when it comes to your online activity. It’s not uncommon anymore to have online accounts secured with only just a password. Websites like Google, Facebook and Twitter have all already introduced Two Factor Authentication (2FA in short) and even frequently remind users to activate it or do security audits from time to time. Some websites that offer financial services even make it a required feature. I started looking into this type of security more seriously after my Facebook Ads account got breached and I only realized this after I got an SMS notification from my local bank that a decent sum of money was deducted from my credit card to pay for random ads. Luckily, I was able to resolve this issue with Facebook support and I got my money refunded in full. But this incident got me thinking more consciously about online security. Not that I have been negligent about it, as have had already added 2FA to other financial web services I’ve been using, such as online exchanges like Binance or even some gaming services like Steam. But nonetheless, I did a complete audit of all my online accounts and added at least one form of extra security to most of my accounts. And then I stumbled upon hardware keys.
So, what is 2FA?
This is basically an extra layer of security for users to be able to access their accounts. This can be achieved in different ways. Some popular solutions are:
- SMS Verification
- Email Verification
- An Authenticator Application (Google Authenticator or Authy)
- A Hardware Key
After doing quite a bit some research on hardware keys, I decided on getting the YubiKey 5 NFC to test out and see how it would work for my needs. These keys are made by a company named Yubico and they are currently one of the market leaders in hardware cryptographic security. It came in a small and simple packaging with the only contents inside being the key itself. The main factors I chose this key over the rest are the size, durability and NFC compatibility (for mobile devices). It also didn’t require any separate applications to be installed as it just works out of the box (Although there are a few applications available by the manufacturer for some more advanced features). I guess the only thing that would make it more future proof for me is if it had a USB-C input as opposed the USB-A it has now. Some other keys I compared also offered Bluetooth connectivity but that would personally bring down the level of security for me as it is a wireless transmission method that could be intercepted. That would also require a charged state to work as a battery needs to power the Bluetooth radio. It’s also water and crush resistant.
An example of how I use the hardware key to login is with my Brave Rewards account. In my previous post I had already mentioned that there’s no password input to login there and I also recommended setting up 2FA after your initial setup. My login process is as follows:
- Input my account email address
- Receive login confirmation link in my email
- To confirm the login after going through the link i need to insert the YubiKey and physically tap it.
Find me on Twitter
Until the next time, stay Secure!!