- Losing control of an online account
will certainly cost you time and maybe money.
And if a scammer gets control of your social media accounts
or your email, it may also cost you your dignity.
Fortunately, there's an easy way to protect
your online accounts from being taken over
by internet ne'er-do-wells,
and that's with multifactor authentication.
And one of the best ways to do multi-factor authentication
is with a security key like this one.
Now, we have a whole other video
on multi-factor authentication,
which is also called two-factor authentication,
and you should absolutely watch it.
The gist is that with multi-factor authentication,
you need more than a password to log into an account.
You might need to enter a code sent via text message
or generated by a free mobile app or use your security key.
So even if a bad guy has stolen your login information,
they won't have your security key
and they won't be able to log in.
There's a lot of advantages to security keys
over other multi-factor options.
SMS codes can be potentially intercepted and generator apps
require that you have a functioning phone nearby.
Most security keys have no moving parts
and many don't require power or a data connection.
They're small, dedicated hardware devices
that are much more difficult for bad guys to attack.
And they add a high-tech secret agent thrill
to the mundane task of logging into your work email.
In practice, it works like this.
You go to a website and it asks you to log in.
If it supports security keys and you've already enrolled
your key, you just type in your username and password
as normal, or better yet, use a password manager to do that.
Once you've done that, the site will ask you
to present your key.
Plug it in, tap the touch-sensitive portion
to confirm, and you're in.
If you can't plug your key directly into your mobile device,
many keys will let you authenticate via NFC.
Just tap your key against your phone.
But that's just the start of what you can do
with security keys.
Some models support additional authentication schemes
and can do all sorts of nifty security tricks.
Better yet, some sites and services are starting
to embrace password-less authentication where you need
just a PIN or a fingerprint along with your security key
to log in. No password required.
Now, there are some drawbacks to security keys.
For one thing, they cost money, usually between $20 and $80.
For another, they're not accepted everywhere.
Also, because it's a physical device,
you have to physically get up and get it
when you need to log in and then be careful
not to physically lose it.
Using any kind of multi-factor authentication
is better than not using any at all.
If you're just starting to secure your online identity,
using a free authenticator app like Google Authenticator
is a good choice.
You should also use a password manager to create unique
and complex passwords for each site and service you use.
But if you're ready to level up your authentication game
and even feel a little bit like a secret agent
in the process, take a look at our list
of the best security keys at PCmag.com
No comments:
Post a Comment