WebProNews

Tag: Security Key

  • Twitter Adds Support for Security Keys for 2FA

    Twitter Adds Support for Security Keys for 2FA

    Twitter has added support for security keys to support two-factor authentication (2FA).

    2FA is widely considered to be an important step in securing accounts and information. With 2FA enabled, a user does not gain immediate access to their account when they log in using their username and password. Instead, they are required to take an additional step, such as confirming the login via their phone or other device, providing a fingerprint or using a security key.

    A security key has some distinct advantages over other forms of 2FA, as Twitter highlights in their blog.

    Security keys are small devices that act like keys to your house. Just as you need a physical key to unlock the door to your home, you need a security key to unlock access to your account. Security keys offer the strongest protection for your Twitter account because they have built-in protections to ensure that even if a key is used on a phishing site, the information shared can’t be used to access your account. They use the FIDO and WebAuthn security standards to transfer the burden of protecting against phishing attempts from a human to a hardware device. Security keys can differentiate legitimate sites from malicious ones and block phishing attempts that SMS or verification codes would not.

    For the time being, security keys will only work with Twitter.com, not the mobile apps. Nonetheless, the new feature is an important step in security Twitter accounts.

  • Google Launches Security Key For USB-Based Security

    Google Launches Security Key For USB-Based Security

    Google announced a new way to enhance its 2-step verification security called Security Key, which works through a USB device.

    Security Key, Google says, is for “particularly security-sensitive” individuals. Don’t worry. If you’re just a common user, and want to use 2-step verification, you don’t have to carry the extra hardware around with you all the time.

    Google explains in a blog post:

    Security Key is a physical USB second factor that only works after verifying the login site is truly a Google website, not a fake site pretending to be Google. Rather than typing a code, just insert Security Key into your computer’s USB port and tap it when prompted in Chrome. When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished.

    Security Key and Chrome incorporate the open Universal 2nd Factor (U2F) protocol from the FIDO Alliance, so other websites with account login systems can get FIDO U2F working in Chrome today. It’s our hope that other browsers will add FIDO U2F support, too. As more sites and browsers come onboard, security-sensitive users can carry a single Security Key that works everywhere FIDO U2F is supported.

    You’ll have to buy a compatible USB device from a U2F participating vendor, but it works with Google Accounts for no extra charge. You can find devices for sale on Amazon.

    Image via Google