In order to test for this, we threw three security key products on concrete, put them through a wash cycle and ran them over with a car to prove the mettle in the silicon for our favorite phishing-prevention tool. Journalism happens in the real world outside of technical whitepapers, and the ability to securely do our work depends as much on the ability for these tools to survive not only cryptographic attacks, but the kinetic attacks of everyday life. Additionally, security keys which feature modern security standards offer robust protection against phishing attacks by automatically verifying the authenticity of the site you’re trying to log in to.Īlthough the cryptographic strength of the security standards used are well-established, the durability of the hardware they're implemented on is less known. However, using a hardware security key for 2FA removes many of the risks associated with the security of the phone, helps prevent regular old human error inherent to using an authentication code received through a text message or authenticator app. Usually, this comes in the form of a one-time-use code sent to your phone through a text message or generated in an authenticator app, such as Authy or FreeOTP.Īuthenticator apps and text messages are good enough in most situations. Two-factor authentication (2FA) is a security feature available in many websites and apps which allows you to protect your login by requiring an additional piece of information beyond your password.
One of the most common questions we get in training journalists on two-factor authentication (2FA) is: How hard are these hardware security keys exactly? Our security training team has plenty of anecdotes to support their durability, but we've decided to methodically put them to the test.
0 kommentar(er)
