Because they're dedicated, offline devices, they're also harder for bad guys to attack. Most security keys have no moving parts or batteries, and don't require a network connection to function. There are several benefits to using security keys, the first and foremost being they don't require a phone to work. Although you can plug security keys into mobile devices, most keys also use NFC to communicate wirelessly with phones and tablets. To do so, you typically first enter your username and password as usual and are then prompted to plug in and tap your security key. What's a Security Key?Ī security key is a small device, usually about the size and shape of a USB flash drive, that you use to authenticate yourself to a site or service. Also, no amount of MFA will protect you if a bad guy has already installed malware on your machine, so we also recommend readers use local antivirus software. The best way to do that is with a password manager. These only work for logging into Google, however.Īlthough MFA works great, it only works if you are using unique, complex passwords for each and every site and service. You can configure Google to send you a push notification to a trusted smart device that acts as an MFA factor, or use your Android device as a security key. Keep in mind that Google offers other forms of MFA, particularly for Android users. But if it's the only option available, then it's better than not using any form of MFA. We strongly recommend readers avoid receiving MFA codes via SMS, as these can potentially be intercepted. They're easy to use and free, but they do require you to have a functional smart device on hand. These apps generate one-time use codes you enter along with your username and password. We think authenticator apps are a good starting point for anyone new to MFA. The two most common methods for MFA are authenticator apps for smartphones and one-time use codes sent via SMS. While some forms of MFA are more secure than others, what's most important is that you choose the one that works for you and that you actually use it. The most important thing you, as a reader, should take from this article is that you should be using MFA wherever it's offered. When Google required its employees to use hardware security keys, account takeovers effectively dropped to zero.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |