This physical key secures your digital life

RapidVPN/ April 4, 2019/ Blog/

Over the past decades, the development of technology has allowed us to improve our physical world. The emergence of the Internet has led to the fact that digital life has become an indispensable part of our physical lives. Most of us use the Internet in multiple ways, for online banking, buying goods, socializing, business, communicating, researching and marketing.  It is true that our digital and physical lives are pervading. Digital life integrates digital and physical worlds.

Today digital and physical life are seen as equally real. Digital technology has transformed almost every aspect of modern life. Communications, work, entertainment, shopping, and travel are just some of the areas that have been revolutionized in recent decades. It is now rare to find an electronic device or a piece of machinery that does not include digital technology in some way.

Digital technology enables the storage of massive amounts of information locally or remotely in relatively small spaces. Large amounts of important data, documents, media, and others can be carried around on small devices. That information can be moved around virtually instantaneously and also be stored online, enabling it to be accessed from any device which has internet access.

As a parallel to our physical life, our digital life is under constant threat by various criminals who target us for many reasons for their, mainly financial, interests. Although security on the Internet is an inexhaustible topic and there are various software, applications, etc. that should protect us from such attackers, the reality is that a continuous battle is taking place in this field. The attackers appear to be around the corner in our digital lives and are waiting for the right moment to take away our data and use them for their profits. Most of us understand the importance of making the most of our digital life and how important it is to take control of it.

You probably heard and probably use the security process in which the user provides two different authentication factors to verify themselves. Two-factor authentication is a higher level of assurance than single-factor authentication, in which the user provides only one factor like a password or passcode. Many web services offer two-factor authentication to keep intruders out of your account, a feature that asks for something else in addition to your password, typically six-digit code. When it comes to protecting your data, SMS-based or app-based two-factor authentication using is more secure than depending only on passwords. But it can also be time-consuming to set up and use. If you are tired of punching that string of numbers whenever you log in, then you might be interested in a physical security key using the universal two factor or U2F standard. This hardware-based security key provides a fast and easy way to use two-factor authentication. It is based on the FIDO U2F standard, a security protocol that is difficult to intercept. it was developed by Google and security company Yubico and is now administered by the FIDO Alliance. This security key is simple to set up, convenient to carry and will keep your various apps safe and secure U2F relies on a small physical chip that looks like a USB flash drive.

You can keep it on your keychain or some safe location. All you need to do to set one up is tell whatever service you are using that you have a U2F key, then insert it into a free USB port and add a key to your account. Each physical U2F key uses a different secret for key generation and only the original key you used to register will work. When it is time to come back later and log in, you plug in your U2F key, enter your username and password and that’s it, access allowed. Benefits of simply plugging in a USB stick are definitely worthwhile because it also protects against phishing attacks. Numeric authentication codes can be stolen if you accidentally enter them on an imposter website. U2F helps to stop this by using the original domain of the site as a part of the secret mix it uses to generate the private key for that account. So, if you use your physical key to login to an attackers website, the response it will send to that hostel server will be completely useless and the bad guys won’t be able to use it to get into your account.

Emails or text messages transmitting two-factor authentication codes to legitimate users could potentially be intercepted en route, but U2F’s encryption makes such compromise all but impossible. The companies that make U2F keys have added their own additional security features on the top of this base – public key encryption strategy. The ever-popular Yubikey, for example, requires you to touch a sensor on the USB stick before it authenticates ensuring that there is an actual human trying to gain access and not some kind of malware bot. Some of the U2F keys support NFC so you can use them with your Android smartphone and iOS users recently got support for U2F over NFC with the Yubikey Neo if you are using iPhone 7 or newer.

Social media giant Facebook has announced that it is now supporting USB security keys using the Universal 2nd Factor from the FIDO alliance. There are other services that are using U2F like Google, Salesforce, Dropbox, GitHub.

Pre-made keys can be purchased online for less than $20. Some manufacturers also make keys with extra features such as NFC, USB Type-C support and you need to press a button to prove you’re using the key.

The only downside is that you always need to carry the physical key with you.