The key to being safer online is actually a key
The key to being safer online is actually a key
Let's talk about seat belts. Specifically, the three-point belt that Nils Bohlin, a Volvo engineer, invented in 1959. The creation of Bohlin did not require companies to change the way they manufactured automobiles: it only added a part and a small additional step for drivers . However, the use of a seatbelt turned out to be much safer than driving without one, prompting a wave of innovation in car safety that continues today.
Stina Ehrensvard, executive director of online security company Yubico, sees parallels with her work trying to shape the future of online security. Internet appeared, fast, new, exciting and totally insecure: I needed a seatbelt. Ms. Ehrensvard has spent the last decade creating hardware and software that make the use of the Internet more secure without adding unnecessary complications.
Google, Yubico and others offer security keys for different devices and ports, but they all work basically the same way.
Photo:
David Pierce / The Wall Street Journal
I've been testing Yubico's newest product, the YubiKey 5, along with a new Google gadget called Titan Key. Both devices connect to a computer, which authenticates it with a "handshake" that can be more secure than a password or an authorization code. They can also do the same with some smartphones, either by connecting to a port or communicating wirelessly.
At this moment, a key like this is your best defense against anyone who tries to enter your email, social networks or work accounts. They are also the beginning of a complete overhaul of how Internet security works, one that could finally eliminate the password.
Dance the two steps
Keys like the ones I've been testing are known as a "second factor" in your Internet security arsenal. You may have heard of two-factor or two-step authentication: the first factor is almost always your password, while the second is usually a code sent or generated by your phone.
But the second factor can really be anything that can show that you are actually typing the password.
Insert the $ 50 YubiKey 5 into a USB port or touch it on the back of your Android phone, and it will help you keep your things safe.
Photo:
David Pierce / The Wall Street Journal
Why do we need this? Because passwords are a disaster. Years of pirouettes have exposed an absurd amount of user data: The researchers at Google estimated those 3.3 billion credentials were exposed for violations between March 2016 and March 2017. That included several of my passwords and probably some of theirs. Because many people reuse passwords in all services, any breach can be extended throughout their lives on the Internet.
I recommend configuring any type of two-factor authentication that can, especially in your most sensitive accounts. Your email, certainly, but also your banks, your file storage and anywhere you keep things you would prefer not to lose. Match that with a good password manager, and you're ahead of the game.
Block it
A security key is the safest two-factor device you'll find, although it's probably an exaggeration for most people. I like the Google Titan Key and the YubiKey, which comes in various sizes and types of USB. Everything costs between $ 20 and $ 60. They work perfectly with computers, but they are also increasingly compatible with the phone, if you use Android. For now, iPhone users basically have no luck, although Yubico is working on a product for Apple's Lightning port.
Applications like Twitter and Facebook already support security keys: look for the option in the security settings of your account.
Photo:
Emily Prapuolenis / The Wall Street Journal
Once you obtain a password, configure it by registering it in the settings of the application you are using: Sites such as Gmail,
Y
It already supports security keys, and the numbers are growing rapidly. Once it is configured, simply plug it in when prompted, usually after typing your password. Then, touch a button on the key, which confirms that there is a human at the helm. The smallest YubiKeys can hide in your USB port, so all you have to do is touch.
Why leave it in? Hackers who enter your password probably do not have physical access to your laptop. Similarly, someone stealing your laptop probably will not have your passwords. When you touch, the application quickly checks the key and lets you enter.
Security keys do not send anything sensitive over the Internet. They use a system called public key cryptography to verify their identity: the application sends a secret code that only you can identify, when your "private key" decrypts it and then encodes a response message and sends it back, a thumbs up that you are the one you claim
You do not need to understand all that to use this technology, but here is an explainer If you want to know more.
Android phones are compatible with security keys and can often be connected to a charging port as in this Google Pixel 3. Unfortunately, iPhones still do not accept keys.
Photo:
Emily Prapuolenis / The Wall Street Journal
Security keys also help protect users from being cheated of their credentials through a process known as phishing. If you receive an official-looking email from
By instructing you to review the activity of your account, a security key will try to verify that it is on the actual site. If you are actually on a page designed to steal your credentials, you will not be able to sign in.
Even if you use a key only on your computer, it's still worth having one around. It's much faster than taking out your phone every time you need to log in to something. And it's good to have a spare on hand if you ever lose your key: without it, recovery can be a multi-step process. Even if it is stolen, hackers can not turn it against you unless they also know your passwords.
Was it post-password?
The passwords will not disappear soon, according to Brett McDowell, executive director of FIDO Alliance, a group that works on cybersecurity standards across all devices and services. (FIDO means Fast Identity Online). Passwords are mostly too entrenched. However, they do have some use: without them, what happens if you lose the keys? Still, he says, "passwords are losing their value as a credential with each passing year."
As with the keys to your house, it is always better to have a spare. Get a couple of keys and save them in different places, just in case.
Photo:
Emily Prapuolenis / The Wall Street Journal
The technology you need for better security will not always be a key. Any device that works via USB, NFC or Bluetooth is currently compatible with FIDO technology. It could even be a chip inside your phone or laptop that allows you to log in all the way you unlock your device: your fingerprint, or face, could be the only password you need anywhere.
In that world, life online becomes much easier. You sit on your computer and, as soon as you enter, you immediately log in to every application and service you use. The system may be configured to periodically check the writing patterns or word options to make sure it is still on the keys.
Once you've set everything up, you could say, security should never get in your way again. It's only there in case something happens, making sure it comes out unharmed.
For more analysis, reviews, advice and holders of WSJ Technology, Subscribe to our weekly newsletter.
Write to David Pierce at david.pierce@wsj.com
.
!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window, document,'script',
'https://connect.facebook.net/en_US/fbevents.js');
fbq('init', '369524843414444');
fbq('track', 'PageView');
.
SOURCE LINK ERESVIRAL.COM https://www.beviral.online
Comentarios
Publicar un comentario