"Strong passwords are very important, but they're not enough to protect you from cybercriminals. Passwords can be leaked or guessed. The key to online security is protecting your account with a strong secondary measure, typically a single-use code. This is referred to as "two-factor authentication," or 2FA, as the nerds know it.
Having any kind of second factor is better than none at all, but physical security keys -- little dongles that you plug into a USB port or tap on your phone during account logins -- offer the highest level of protection.
Security keys have been around for over a decade, but now they're in the spotlight: Apple recently introduced support for them as an optional, added protection for Apple ID accounts. Last month, Twitter removed text-message-based authentication as an option for nonpaying users, recommending instead an authenticator app or security key.
Some people are hesitant to use security keys because carrying around a physical object seems burdensome and they can cost $30-and-up. Plus, what happens if they get lost?
I've used security keys since 2016 and think they are actually easier to manage than codes. They're not only convenient, but they can't be copied or faked by hackers, so they're safer, too.
Many internet services support the use of security keys, and you can use the same security key to unlock accounts on many different services. I recommend two from industry leader Yubico:
YubiKey 5C NFC ($55) if you have a USB-C laptop or tablet
YubiKey 5 NFC ($50) for devices with older USB ports
Other options include Google's Titan security keys ($30 and up). In addition to working with laptops and tablets with USB ports, these keys are compatible with smartphones that have NFC wireless.
Adam Marre, chief information security officer at cybersecurity firm Arctic Wolf, recommends that your chosen key is certified by the FIDO Alliance.
To add a key, look in the security settings of your major accounts (Facebook, Twitter, Google, etc.). During setup, it will prompt you to insert the key into your laptop or tablet's port or hold the key close to your phone for wireless contact.
Apple requires you to add two security keys to your Apple ID account, in case you lose one.
Typically, when you log in, you just go to the app or website where you've set up a key, enter your username and password as usual, then once again insert the key into the device or hold it close. At that point, the service should let you right in.
Getting those two-factor login codes via text message is convenient, but if you are someone criminals are targeting, you could be the victim of SIM swapping where thieves convince carriers to port your number to a new phone, and they use it along with your stolen password to hack your accounts.
Even if they don't go to all that trouble, criminals might try to trick you to hand them your codes, by calling you or spoofing a website you typically visit. At that point they can use the code for about 60 seconds to try to break in, said Ryan Noon, chief executive at security firm Material Security.
Security keys protect you in two ways: First, there's no code to steal, and second, they use a security protocol to verify the website's domain during login, so they won't work on fake sites.
You can also add an authenticator app such as Authy to your most important accounts, to use only as a backup. But once you add these secure methods, you should consider removing the text-message code option.
In the rare case that someone snoops your passcode then steals your iPhone, beware: The perpetrator could still make Apple ID account changes using only the passcode, and even remove security keys from your account.
The most important rule of security keys is to buy an extra one (or two).
If you lose a security key, remove it from your accounts immediately. You should have already registered your spare or an authenticator app as a backup to use in the meantime.
Start with your most valuable accounts: Google, Apple, Microsoft, your password manager, your social-media accounts and your government accounts.
When it comes to financial institutions, many banks don't offer security-key protection as an option, though most leading crypto exchanges do." [1]
1. A Little Key Offers Best Online Security
Nguyen, Nicole. Wall Street Journal, Eastern edition; New York, N.Y. [New York, N.Y]. 28 Mar 2023: A.10.
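The domain check the article mentions ("they won't work on fake sites") can be seen in the server-side checks of a WebAuthn login, shown here as an added example that is not part of the quoted article. The browser records the page's origin, the key hashes the site's ID into its response, and the server rejects anything that does not match. The domain names, challenge bytes and function names are constructed for illustration; this covers the domain-binding checks only, and the signature over these bytes is a separate step.

```python
import base64
import hashlib
import json

RP_ID = "example.com"                    # constructed relying-party ID
EXPECTED_ORIGIN = "https://example.com"  # constructed legitimate origin


def b64url(data: bytes) -> str:
    """WebAuthn encodes the challenge as unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample of what the browser and key send back at login."""
    # clientDataJSON: written by the browser, which fills in the real origin.
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(challenge),
                              "origin": origin}).encode()
    # authenticatorData: SHA-256(RP ID) || flags (0x01 = user present) || counter
    auth_data = (hashlib.sha256(rp_id.encode()).digest()
                 + b"\x01" + (7).to_bytes(4, "big"))
    return client_data, auth_data


def check_assertion(client_data: bytes, auth_data: bytes, challenge: bytes):
    """Return the names of failed checks; an empty list means all passed."""
    errors = []
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        errors.append("type")
    if cd.get("challenge") != b64url(challenge):   # blocks replayed responses
        errors.append("challenge")
    if cd.get("origin") != EXPECTED_ORIGIN:        # page the user was really on
        errors.append("origin")
    if len(auth_data) < 37:                        # 32 hash + 1 flags + 4 counter
        return errors + ["authData length"]
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rpIdHash")                  # site the key answered for
    if not auth_data[32] & 0x01:
        errors.append("user presence")             # key was not touched
    return errors


if __name__ == "__main__":
    ch = b"constructed-challenge"
    print(check_assertion(*make_assertion(EXPECTED_ORIGIN, RP_ID, ch), ch))
    fake = make_assertion("https://example-login.test", "example-login.test", ch)
    print(check_assertion(*fake, ch))
```

Unlike a six-digit code, which is valid wherever it is typed, a response produced on a look-alike domain fails both the origin and the RP ID hash checks.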