Usernames and passwords for online services, such as Google and Facebook, are routinely being stolen by malware that is finding its way on to phones, tablets and laptops. Alternatively, people are being tricked into revealing their sign-in details through increasingly believable phishing ploys.
Whichever way they are obtained, account take-overs from stolen passwords allow criminals many opportunities: from attempting to access the victim’s bank account or obtain loans in their name to posting illegal content or adverts under their identity.
Account hijacking can be stopped in its tracks with FIDO standard U2F keys – simply register one of these hardware keys with all your compatible online accounts. The many online services that support U2F keys can be set up to require your key to be used whenever sign-in is attempted from a new device, so it won’t get in the way of day-to-day usage, but you have the peace of mind that stolen login information alone will not allow anyone else access to those accounts.
Security institutions and advisors no longer recommend the use of SMS as an additional means of account security, as it is too easily bypassed by hackers, making a physical form of secondary authentication the preferred solution. Unlike other hardware security tokens, U2F (Universal 2nd Factor) keys are not limited to a single service and they don’t need to be issued by a specific provider, which means you can buy a U2F key from anywhere, and register it yourself.
Compatible with Windows, Chromebook, Linux and Mac, U2F keys need no additional drivers or software; they work out of the box with Chrome and Opera browsers together with a growing number of online services that includes Facebook, Google, Dropbox, Github and Salesforce.com.
Key-ID U2F keys are readily available, they are FIDO certified, quick and easy to register and you can keep them handy on your keyring.