Securing your online accounts with two-factor authentication is not enough. A cheap device called YubiKey can help keep you from being hacked.
Two-factor authentication is great but it has limitations too. Most of the commonly used platforms like Facebook, Gmail, Amazon etc. not only support but force you to use two-factor authentication, also known as 2FA.
If you haven’t noticed it yet – it is the process wherein you need to authenticate using another means, often via SMS when accessing your account from a new device or location. It adds another layer of protection for your account but does not always help when say you lost your phone or even the request text code could be intercepted by someone snooping on your mobile network or a hacker who has convinced a mobile operator to redirect your phone number. Also, when you don’t have cell service, like when camping in the Smokies, you can’t get the text.
YubiKey, created by Yubico, is one solution. It connects to a USB port on your computer and tells a service, like Facebook or Gmail or Dropbox, that you are you. Such a solution is known as U2F (Universal 2nd Factor).
All you have to do is to simply plug it into your computer, touch it and your identity is authenticated. It automatically creates a one-time-use password to log in to an account. This is where it differs from traditional 2FA – because it’s a physical key, data can’t be intercepted in transit.
Security researchers say Yubikey is the best method to protect yourself from phishing, a common tactic that tricks a person into thinking a malicious message was sent by someone they trust. If you’ve not heard of phishing scams, just Google it – even big companies have fallen for it. Usually phishing attacks are used to gain access to your personal information, like emails or bank accounts.
Facebook added support for the security key in January and it takes just minutes to set it up with services like Facebook and Gmail, which let you add it under Security Settings.
YubiKey doesn’t work for all accounts that support 2FA. Yubico has a list of accounts that support its method of authentication, which do include the common ones like Gmail, Facebook, Dropbox, LastPass etc.
Yubico, alongside Google helped create U2F, or Universal 2nd Factor, a security standard to let users access their accounts with a physical key, like Yubikey.
Check this video to understand more: