Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
How Do Security Keys Work and Are They Safe?

How Do Security Keys Work and Are They Safe?

By Tamás Ő.Tamás Ő. Verified by Adam B.Adam B. Last updated: August 4, 2024 (0)

Imagine the following scenario: you are sitting in front of your computer, managing your finances through online banking when you suddenly receive an email from the bank explaining that someone else is trying to log in under your name and that they need to authenticate your identity. The sender’s email address and story checks out, and so you provide your credentials and carry on. However, the next day you discover that all your savings are gone because you’ve been spoofed by a fake address.

USB key in a laptop

The moral of this story is that after someone gets hold of your login data, there is nothing to stop them from exploiting your account; they even know how to circumvent a second authentication step as cyber criminals are more than capable of intercepting messages and emails, only to use them to empty your wallet or send malware. And even though this particular scenario seems a bit farfetched, many Bitcoin owners have lost their cryptocurrency due to similar scams.

Physical authentication vs digital authentication

Security keys are hardware alternatives to digital authentication. These are slick thumb drives or key fobs with a button on them that does the identification for you. Online verification includes some form of SMS or email message that asks you to drop the login process and copy over a code or click on a link. In the case of a security key, it is plugged into your computer or wave it in front of an NFC-enabled smartphone and after the message pops up just press the button and voila, authentication is taken care of.

Security keys are not only faster and easier to use but also safer. It’s a serious blow to phishers since even if they do get their hands on your email address and password they still won’t be able to use them unless they also have the thumb drive key. In other words, this security hardware prevents people on the other side of the world from messing with your account. Of course, losing the key will potentially open up a security hole but it can be easily countered by denouncing the key like you would if you lost your credit card.

The titan security key from Google

For some time the number one security key was YubiKey but the company has met with a fearsome competitor in the form of Google, who just released its own take on hardware-based authentication. The Titan Security Keys are available from the Google store and despite looking like any other product of its kind, there are a few clever features under the hood. Ordering Titan provides two different keys, a wireless key fob and an NFC-compatible USB drive, both of which are capable of interacting with desktop computers and touchscreen devices – which isn’t something that every YubiKey can do.

What makes Titan interesting is the addition of Google’s Advanced Protection Program. In order to use it you need to register both of your keys. In the next step the system logs you out from every device and service that uses your Google account. From that point, the only way to log in with that account is by using the physical key as a secondary authentication. In brief, Advanced Protection grants extremely tight security at the cost of a slight inconvenience.

Who guards the guardians?

Of course, the new technology isn’t without issues. Even though these devices prevent data phishing so long as the keys are in your possession, what happens if someone tampers with the hardware before it is are delivered to you and ultimately hiding a backdoor for future exploitation? The inherent danger of physical authentication was brought to light by Google when it was revealed that the company imports the devices from Feitan, a Chinese manufacturer.

Google Titan Key With Box

Whether or not Google came up with its own patented idea and Feitan only produced it or the U.S. tech giant simply slapped its name on someone else’s product is still undetermined, but the irony of entrusting a country infamous for waging cyber espionage against the U.S. to manufacture a product to protect our data from being stolen has not eluded us.


Best password managers of 2024

Editor's choice
RoboForm logo
Editor's rating:
(4.5)
Effective security center
Passkey compatibility
Intuitive and organized interface
Affordable prices
Families
LastPass logo
Editor's rating:
(4)
Logical interface
Automated password categorization
Advanced mobile version
Various two-factor authentication options
Businesses
1Password logo
Editor's rating:
(4.5)
End-to-end encryption
Secure authentication method
Data breach alarms
One-time password support
Security features
Keeper logo
Editor's rating:
(4.5)
Robust security
Wide range of platform support
Affordable
Great customer support
Personal use
NordPass Personal logo
Editor's rating:
(4.5)
Strong security features
Effective password generator
Excellent free version
Attractive price
Password sharing
Dashlane logo
Editor's rating:
(4)
Password changer
Built-in VPN
Flawless data import
Thorough iOS/Android app
Local storage
Enpass logo
Editor's rating:
(4)
Packed with features
Free for desktop users
Offline password manager
End-to-end encryption
User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us