Security keys to thwart hackers are now easier to use on all your devices

Yubico's $55 5C NFC hardware security key works with both USB-C laptop ports and NFC wireless communications to phones.

Yubico’s $55 5C NFC hardware security key works with both USB-C laptop ports and NFC wireless communications to phones.


Yubico on Wednesday released a new hardware security key, the $55 YubiKey 5C NFC, that brings new logon abilities to people who want a single key that works with their laptops and phones. It can plug into a USB-C port or link wirelessly with NFC (near-field communications) for what’s considered one of the strongest forms of authentication today.

Sweden-based Yubico is the top seller of hardware security keys, small devices typically are paired with a second form of authentication like a password for logging onto sites like Microsoft, Google, Facebook and Twitter to thwart hackers. And paired with biometric information like fingerprint or face recognition, hardware security keys can help you dump passwords altogether.

But a hassle today has been that there’s often no universal key, so people had to carry or store different ones for different devices. Laptops like MacBooks only have USB-C ports, so old-style USB-A Yubikeys need an adapter, while iPhones only have a Lightning port, for example. That meant more electronic doo-dads to buy, carry, register with websites and worry about losing.

“The YubiKey 5C NFC has been our most popular product request,” a company spokesman said of the new model.

Passwords are widely used but deeply flawed. People reuse the same passwords, which means that a hacker who gets a password for one website sometimes can break into others. And plenty of passwords are cracked already. The HaveIBeenPwned database contains more than 572 million passwords revealed through data breaches and other security problems.

Password manager software can help you create and use strong, unique passwords, but it can be complex to use.

SMS codes and authenticator apps that generate short-lived numeric login code help a lot, but also have weaknesses. Hardware security keys aren’t perfect, either, but they help thwart hackers who don’t have access to the physical device. Google has built hardware security key technology directly into Android phones, letting you dump the hardware security key altogether, but so far the technology isn’t widely supported beyond Google itself.

Hardware security key technology works with authentication technology called FIDO, short for Fast Identity Online, that standardizes how stronger login works. Yubico has sold more than 10 million hardware security keys, the company said in April, with shipments growing about 60% to 70% annually.

The increase in remote working triggered by the coronavirus pandemic, particularly for federal government employees, has let to a “major” boost in sales, the company said.

Now playing:
Watch this:

In a world of bad passwords, a security key could be…


Source Article