U2F security keys – what exactly is it?
Most of us certainly remember the hacker attack on PlayStation Network servers. In 2011, one of the largest attacks of this type in history occurred: it is estimated that 77 million accounts have been hacked. The stolen user data included payment card numbers or addresses provided by users when setting up the account. And although attacks on this scale are rare, we are increasingly vulnerable to online crime. The theft of sensitive data, passwords or the takeover of a Facebook account are common problems for people living in the 21st century.
A password for any website is no longer a good security measure. Even if we use special characters, uppercase and lowercase letters in the account creation process, we cannot be sure that it will not be broken. When logging in, we still type the same string, and this process leaves a trail on the network. So it may happen that the world’s best password invented by us will be cracked by a hacker who will gain access to all information about us – from holiday photos, through sensitive customer data to our card numbers. None of us wants to wake up in the morning and discover that our Facebook profile has been taken over by a criminal. However, there is a simple way that will allow you to secure the login process against potential hacker attacks. Security keys, do you know what they are?
U2F security keys – what exactly are they?
Google as well as hundreds of other websites and services offer their users two-step verification options when logging in to individual servers. This type of login requires two actions: first, enter your login and password, and then confirm the login using an external token. The token can be a very popular SMS password, sent to our phone number (not a very secure option, easily subject to attacks). A better alternative are U2F keys. The use of security keys will be useful to everyone in everyday life, although it is recommended primarily to professional groups particularly vulnerable to online attacks (these are, among others, journalists, activists, politicians). Two-step verification combined with the use of security keys will help us effectively protect against phishing and other hacker attacks.
Most of us associate the name “U2F security key” with NASA’s complex space technology used for the exploration of the universe. The enigmatic name, however, is not fully adequate to the item that easily fits in our pocket. The security key looks like a USB flash drive. This is a small device that effectively (and quickly!) helps you protect yourself against online attacks. We can easily buy keys on the internet (remember to choose a reputable store!). The U2F keys are also easy to use and, contrary to the complicated name, will not affect our daily lives in any way. There is even a chance that a U2F key will speed up things – thanks to this small device you do not have to enter long and complicated passwords every time you log in. They are generated automatically when you press the button on the token. It really can’t be easier (and safer).
There are keys on the market that support different methods of communication and authentication. We can buy tokens that work with laptops or mobile devices (yes, we can easily connect them to our smartphones using NFC). The keys work offline: we don’t need internet connection to generate passwords.
Advantages of using U2F keys
Since we already know what security keys are, it is worth considering the advantages of using them. Sure, many of them are obvious and automatically come to mind, but some of them are worth pointing out and discussing separately. There are many benefits of using security keys:
- Security: the most important of all advantages of having a U2F key. The use of a security key in combination with two-step verification will protect us against phishing, session interception or data theft. In addition, the key will not work when logging into a fake domain.
- Easy to use: the keys are very handy and small, so we can always have them on us. The use of them will also not be a problem: just connect them via a USB port to your computer and generate a password by pressing the button.
The keys do not store data, so even if we lose a token somewhere, nothing will happen, our data will still be safe – just buy a new copy.
- They allow you to keep your privacy: it undoubtedly involves security. Thanks to the use of keys, we have full control over our online identity: we have all passwords and codes under control, we can also be sure that we will log in only to original and authorized websites.
- Many selection options: there are different types of keys available on the market, thanks to which we will definitely be able to choose a product fully adapted to our needs. Tokens are designed to support many authentication methods and different communication methods (USB and NFC).
- Varied in price: we know that the security of our data is priceless. However, buying a U2F key will not strain our wallet. Yubikey – the most popular keys on the market are available for 45 USD. That’s a small amount for good night sleep, protection and password security, right?
- Internet identity protection: Internet identity is nothing more than data that we, as users of portals and websites, share and leave during everyday activities. It depends on us whether we will appear under the full name, surname or nickname. The use of security keys will help us consciously manage the data we share on the web.
U2F keys are still a relatively unpopular method of protecting ourselves against online identity attacks and theft. The keys work with most popular portals and websites, such as Google G Suite, Dropbox, GitHub or Facebook. You can find a list of all websites that enable 2-step verification in one place https://www.dongleauth.info/