What are USB Security Keys?
Security keys are a way to keep your online passwords safe.
Security key´s are one of the best ways to protect your online account´s because once you have the key, only you can authorize a login to your account, even if the password is entered correctly.
A USB security key (also called a U2F key) is a USB harddrive and you plug it into one of your computer’s USB ports. Security keys are a two-factor authentication method that adds an additional layer of security when you log in. You use it to ensure that you are the person actually accessing a website or service. In reallity, a security key is a physical security device with a totally unique identity. It has a small chip with all of the security protocols and code that allows it to connect with servers and verify your identity.
Some security keys even have NFC and/or Bluetooth built in, making them perfect for use with newer Android and iOS smartphones. The keys work with browsers like Google Chrome, along with web services like Instagram, Facebook, Twitter, Dropbox, GitHub, Gmail, 1Password, Microsoft, and many others.
Security keys are yet another layer of two-factor security, but instead of scanning a body part or sending you a code, you plug the device into your computer and tap a sensor on it to get it to grant you access to whatever you’re protecting. Not unlike those one-time codes you received via email or SMS when logging into certain sites or the scans of your face or fingerprint used to unlock your smartphone or laptop.
How does a security key work?
When you connect a computer wirelessly or insert a security key into your computer, your browser issues a challenge to the key, which includes the domain name of the specific site you are trying to access. The key then cryptographically signs and allows the challenge, logging you in to the website. After logging in normally, sites that support it will ask you to briefly insert the key into a USB port and tap the button with your finger. The key is a 'second factor', which means you use it in addition to your password.
Why should I use a Security Key?
Security keys protect you against account takovers, phishing attacks and impostor websites that try to steal login credentials to sensitive accounts like your social accounts, email and networkaccounts. Other forms of two-factor authentication (like authenticator apps, text messages, and push notifications) do not give you the same level of protection as a security key.
What if I lose my Security Key?
If someone steals your key, they can't get into your accounts without knowing your logins. Your hardware security key works in addition to your account login credentials. So, if you have lost your security key, you can always resort to a backup method of two-factor authentication. You can then gain access to your online account, remove your lost or stolen security key, and either add another or continue using a backup method.