[ad_1]
If you have not heard of U2F security USB keys yet, this is probably the right time to get started.
Who reads Numerama with pbadion and regularity knows what a U2F security USB key. For others, we can summarize the concept very simply: it is a USB key that replaces the second factor during a double authentication on a web service. Today, protecting your accounts with dual authentication should be as common as choosing a pbadword. Tomorrow, these services will not send you a double authentication by SMS or by a generator, but will ask you to enter the USB key badociated with your account on a port and press its button.
This technique very largely reduces all security experts' concerns about double authentication: services will no longer need your phone number and it will no longer be possible for an attacker to steal your account by having access to your generator or your SIM card. In short, the key attached to your keychain will be the only way to enter one of your accounts – in addition to the pbadword.
Titan Key Google and the Titan Key
Google believes so much in technology that the giant has equipped all its employees U2F USB key, open standard approved by the alliance FIDO. This means that these keys are based on a protocol that does not belong to a company, but is developed by many actors. All the keys work with all sites that accept it: Facebook can for example be protected by a USB U2F USB key. Today, it takes another step towards the standard by announcing the key Titan, a key that will be sold to the general public and that will be based on all the open standards in force.
If many keys already exist, the one Google could launch the movement it lacks the standard to democratize. The U2F keys are used by professionals and the public services are compelled to cancel the benefits of these objects by systematically proposing another way to manage double authentication. Indeed, all the keys are not compatible NFC or Bluetooth, which means that you will not be able to connect on your smartphone with. A Facebook or a Google is therefore obliged to leave the option of a double authentication by phone number, which amounts to breaking the additional security of a U2F key – it will be enough for an attacker who has access to your number. phone to choose this option.
Google's USB stick could launch the movement it lacks the standard to democratize
The key of Google embeds the standard BLE U2F, which will allow to authenticate by Bluetooth. This does not necessarily delight the President of Yubico, a leader in the U2F key market and the main contributor to the FIDO alliance standard, who believes that it does not yet fully meet the security requirements set by the consortium. Stina Ehrensvard advocates indeed the USB and NFC keys – problem, none can authenticate an iPhone today, since the NFC chip of the Apple devices is not yet open.
Price and Availability Price and availability
The Titan key should be available in the coming months. In the meantime, if the format interests you, you can experiment with U2F dual authentication with these models approved by Numerama. Its price is unknown
Share on social networks
Source link
