CYBERSECURITY TIP: More about passwordless authentication - The USB Key
Good Day, Wealthy Affiliate Friends,
In a previous blog post, I talk a little about passwordless authentication. Click here - https://my.wealthyaffiliate.com/keimor/blog/cybersecurity-ti... to read more.
I don't know about you but I am tired of two-factor authentication. I know a lot of people won't enable it for various reasons and I will say that you are very vulnerable if you don't
A new authentication protocol has been in the works for a couple of years but now the major vendors are signing on to implementing the new standards FIDO/FIDO2.
Passwordless authentication starts with a USB Key. The vendor Yubico seems to be the leader of the pack. They have a good article on their website that you can read here - https://www.yubico.com/solutions/passwordless/.
The Yubikey you need is the YubiKey 5 NFC.
What is NFC and how does it work?
Near field communication (NFC) is a wireless technology that allows two devices to transfer information to each other by bringing them within 4 inches of each other. NFC is a form of contactless communication that does not require any physical contact between two devices. It is designed for use with mobile phones, smartwatches, and other wearable devices that make payments and can be used for transit tickets, storing personal data
Every modern phone on the market has NFC built-in.
Introduction: Understanding the Basics of the YubiKey 5 NFC
The YubiKey 5 NFC is a USB-sized security key that protects access to your online accounts with strong authentication.
The YubiKey 5 NFC is one of the most secure and convenient ways to protect your online accounts. It has the same security features as the previous models, but it has an additional NFC feature that makes it compatible with mobile devices.
Here is an image of the different form factors.
What are the Advantages of Using a Security Key?
Security keys are a way to keep your personal information private. They can be used on various devices, including Android and iOS devices, as well as Macs and Windows computers.
Security keys are physical devices that plug into the USB ports of a computer or device. When you press the button on the security key, it sends an encrypted code to your computer which verifies that you are who you say you are.
Security keys can also be used to help protect against phishing scams. When someone tries to set up an account in your name, they will need your security key code in order to go through with it.
Your YubiKey can be used with many apps and services that require a security key, including Google, Facebook, Dropbox, Salesforce.com, and many more.
Conclusion
This is still a work in progress for me. I should be getting one of these from a friend who has worked at YubiKey. I plan on describing my adventures during this process. I have quite a few hours researching this topic because I want to get rid of two-factor authentication. More to come on this topic.
There are other USB keys that are cheaper I plan on describing these to you. I have learned how to create my own keys so I may do that in the future. Also, your phone can act as a hardware key and I am exploring those now but I am not getting consistent experience with that.
Have a great day!
Cheers,
Keith
Recent Comments
18
I have not heard about the security keys before I'm looking forward to reading your report on how the 1 you get works out.....
They have been around a little while but it was widely adopted. With the issues with passwords and even two-factor authentication, the key might be the way forward. I think your phone will be able to act as a key too.
I don't know at this point. My SIL said that he feels like all the games she plays on the computer put her at risk. He cleaned her computer and should have her protected by now. I'm trying to let them work it out right now.
~Debbi
Ok, if she is downloading games yes that could be a problem. If she is doing them on a browser it is not as bad but still risky. She really needs to set up two factors for all her social media.
See more comments
Keith, I have a question for you. But first, thank you so much for your blog post; in your honest opinion, is this the most secure way? Can you confirm that this key is totally unhackable, however scalable? And if that's not the case, and from a cybersecurity point of view, what would be the most secure way to store information. I am after bulletproof | totally unbreakable | totally unhackable? And thank you.
I have tried Nordlocker for a while; it saves info encrypted on the cloud but is not too impressive.
Cost is no object - kindly.
I am really interested in the answer to your question.
Hi Abie, I will have to create a full post for you and others because there are two different topics here. So, to get 100% protection the only way is to disconnect the computer from the Internet and we both know that is not a feasible option.
The goal is to reduce the risk but you will never completely eliminate the risk. To lower the risk you need to encrypt everything including the hard drive, the cloud drive, and the communication in and out of the computer (VPN), your email, etc. There are safer browsers to use than the ones everyone uses.
Public Key Cryptography (PKI) is the closest thing to completely unbreakable. The issue here is the private key. If someone steals the private key from you all bets are off. You can share the public key with anyone without a problem. The other issue is people like to lose their private keys. Without the private key, you are locked out completely. That is close to unbreakable you are going to get.
User authentication using passwords is really obsolete. It was never designed with security in mind. The USB / NFC Key using the FIDO2 framework tries to reduce the threat and risk. The key is only available on the device itself. It is never transmitted. But, it is not 100% foolproof. The USB drive is vulnerable just by itself. The biometric logins are also vulnerable too because they can be spoofed by attackers.
I am not sure if I really answered your question and I will write up a post on how to implement the highest level of security possible. Your question is a great one and I need to write one or more posts to completely explain how to lower the risk of what you asked and how to do it.
I wish there was a way to be 100% secure but there is not one. It is more of a design issue with the computer and the Internet because it was never designed with security in mind. Security is all about risk and what risk are you willing to tolerate.
Thanks,
Keith