You can hear the news of someone being hacked daily. Whether it’s an individual or a large organization, cyber crimes are becoming more of a concern. More and more people keep asking themselves whether they are doing enough to stay safe and if there is any room for improvement.
That’s where hardware security keys come into play. It’s a more advanced way to protect your accounts. But are hardware security keys for everyone? Should you start using one too? Let’s find out.
Cyber Security Starts With a Password
Before you can answer the initial question, covering the basics is in order.
There’s a wide variety of alternative technologies for protecting your accounts. Almost every smartphone now has biometric authentication, for example. But for the most part, traditional passwords are still the building blocks of how everyone approaches cybersecurity.
The good thing about passwords is that their strength and reliability lies in the hands of the creator. In other words, the stronger the password you come up with, the more reliable it tends to be.
The bad news? Strong passwords are, by their very nature, hard to remember. That makes them inconvenient. In essence, you need to either have a good memory, use a password manager, or resort to an alternative. But this is precisely where a hardware security key comes in.
What is Hardware Security Key?
A hardware security key is the means of securing your computer without having to rely on a password. If you’re familiar with two-factor authentication, you’ll find these work in a similar manner. Instead of receiving an SMS or notification with an authentication code, the way you use them is similar to how a regular key function. You insert your key into the USB port of your computer, and off you go — no need to enter anything else from that point on.
Many Platforms Support It
Do you have a Google account? A hardware security key will help you keep it protected. It will also make the login process a tad bit more convenient.
Facebook supports it, as well. Plus, there is an increasing level of support from other notable platforms, such as Dropbox, GitHub, and similar. Many more are soon to follow.
Popular Hardware Security Keys – Are They Safe?
There are more than a few hardware security key products out there. But Yubico’s YubiKey and Google’s Titan Security Key are the most famous examples. While both are considered state-of-the-art, they are by no means perfect, as each one of them has a couple of issues.
First off, there’s the YubiKey. Some criticized that they come with insufficient randomness after powering up the device. That can be enough to make the encryption vulnerable. There are no reports of hackers abusing these vulnerabilities. But Yubico is already working on the issue by offering a replacement for the affected devices.
As for Google’s Titan Security Key, the problem is quite a bit more severe in comparison. Its initial Bluetooth technology was misconfigured, making it vulnerable to attacks. In practice, if a hacker was in 30 feet within the victim’s proximity, they had an opportunity to execute an attack and get into the target’s account. Another way to do the foul deed would have been to trick the victim’s computer into pairing with a different Bluetooth dongle.
On the flip side, Microsoft has already issued a Windows update that puts the vulnerability to rest. And like Yubico, Google will also give you a replacement free of charge if you’re unfortunate to receive one of the affected products.
Pros and Cons of Using Hardware Security Keys
Much like anything else, whether you’re going to use one or not is a matter of personal decision. To help you reach a verdict, a rough list of strong points and weaknesses of hardware security keys come next.
- Convenience. Without the need to install any extras (like software, drivers, and so forth), hardware security keys are as convenient as they can be. On top of that, most people find they are much easier to use compared to inputting a password.
- Hassle-free recovery. While no recovery is pleasant, you don’t have to worry about being locked out of your account in case the key gets lost or stolen. With your key, you also receive a fallback number or code. You can use it in the recovery process. Make sure to keep it in a safe place, though.
- Security. The security of a hardware security key cannot be reverse-engineered or intercepted. The basis of such keys comes from public-key cryptography. It makes it a reliable choice for securing your digital assets.
- Phishing-proof. A hacker may still lure you into opening a fraudulent form that asks for your password. But there is no way to steal it from you if you don’t rely on it in the first place due to using a hardware security key. Being immune to this specific form of attack is no excuse for failing to learn more about it. Yet no one can argue against such a substantial benefit.
- Extra cost. While hardware security keys won’t cost you a fortune, unlike a regular password, they are not free either.
- Extra time. Some are still used to the old ways of securing their digital accounts, so there may be a learning curve. Again, taking the spare time to learn the ins and outs of this technology will benefit you in the long run.
What Are the Alternatives?
If you don’t fancy hardware security keys, there are alternatives you can choose from:
- Traditional 2FA. Unlike a physical key, it’s free to use and only requires you to have your smartphone at hand. It usually involves receiving a confirmation code through an SMS or app.
- Biometrics. Scanning your finger or your eyes every time is as easy as pie. And you always have these with you.
- Strong generated passwords. Using a password generator will ensure that your passwords are reliable and robust. It will take more than a while before hackers can brute force through generated passwords. When used in conjunction with a password manager, it also eliminates the need to remember passwords by heart.
Despite not being perfect, hardware security keys are still the recommended way to go. All in all, they have a high level of security and fit for a large organization. Of course, there are alternatives to using hardware security keys. It’s up to you to choose the most convenient authentication method. Just make sure it’s also a secure one.
Petr is a serial tech entrepreneur and the CEO of Apro Software, a machine learning company. Whenever he’s not blogging about technology for itechgyan.com or softwarebattle.com, Petr enjoys playing sports and going to the movies. He’s also deeply interested in mediation, Buddhism and biohacking.