Fingerprint Verification YubiKey Bio Security Key Helps Ban Passwords

Yubico on Tuesday began selling two new hardware security keys called YubiKey Bio that incorporate fingerprint recognition to add an extra level of login security on a single device. UBS-C stick costs $ 85 and USB-A stick costs $ 80.

Hardware security keys such as Yubico’s are often used in combination with passwords to strengthen conventional login processes. A hacker with your password also cannot access your account without the security key. Hackers cannot download millions of hardware security keys like they can with stolen passwords.

The Organic YubiKey Keys add another layer of protection to the authentication process by activating a second identification factor, a fingerprint. This could completely replace a password on sites like Microsoft’s that allow you to save the key. The key itself stores fingerprint data and tells the site when you have successfully authenticated.

YubiKey Bio Keys are part of a growing movement to reverse passwords, the reigning method for login technology. Passwords are convenient and familiar, but face many security gaps. They can be stolen, forgotten, reused, and easily guessed.

Tech giants like Microsoft, Facebook, and Google are pushing password weaknesses and, in some cases, going beyond them altogether. In addition to the hardware security keys, the tech industry alleviates password problems with biometrics, authentication applications on phones and an authentication standard called FIDO (Fast Identity Online).

Google, a huge player with billions of people using services like Gmail, YouTube, and Google Workspace, is working hard to overcome the weaknesses of passwords alone. On Friday, he announced that he had handed over 100,000 of his own Titan hardware security keys to election officials and women politicians, activists, journalists and executives through his advanced protection program. And on Tuesday, he announced that this year he will switch 150 million people to two-factor authentication (2FA), which he calls two-step verification (2SV). It also uses hardware security keys to protect employee accounts.

I tried the YubiKey Bio with my Microsoft account without a password and found it to be easy to set up throughout the process of adding a hardware security key offered on the Microsoft account page. (Head to its Security section, then the Advanced Security Options subsection.) Once I registered my fingerprint, logging in involved entering my username, inserting the key, and then signing in. touch the fingerprint sensor of the YubiKey bio.

The key also contains a PIN code. This ensures that it can be useful for sites that do not support the biometric approach. However, they do not support the NFC wireless links that other security keys use to communicate with phones.

The YubiKey Bio, released to coincide with National Cyber ​​Security Awareness Month, is not the first biometric security key. Feitian, a Chinese company that also manufactures Google’s Titan hardware security keys, has been selling its BioPass keys for years. Yubico, based in Sweden, is the largest manufacturer of security keys.

Significant obstacles have prevented hardware security keys from becoming mainstream. The differences from conventional physical keys outweigh their outward similarity. They cost a lot more than conventional keys, and you can’t just make a copy of them at a mall kiosk. Hardware security keys are also more complex to manage, such as saving them for use on multiple websites.

If you can stand the hassle, however, hardware keys offer major security benefits. Hardware keys protect against phishing attempts using fake websites because they are registered with specific websites. Unlike conventional keys, a single hardware security key can be used to log into many sites.