Should I Use a Hardware Security Key?
When it comes to protecting your data online, you can never be too cautious or safe. The building blocks of online cybersecurity begin with strong passwords and two-factor authentication (2FA), however nothing is failsafe. Strong passwords can be hard to remember if you aren’t using a password manager, and 2FA can still result in data breaches.
That’s where a hardware security key comes in. Hardware security keys provide an extra layer of protection when you are online. With a security key, no one can access your accounts unless they have BOTH your password and the physical security key.
Should you use a hardware security key for your business? Let’s take a deep dive into what a hardware security key does, the pros and cons of using them, and what are the most popular security keys on the market today.
What is a Hardware Security Key?
A hardware security key is a way to secure your computer without having to rely on a password. Hardware security keys (also called security keys, U2F keys, or physical security keys) work in a similar manner to 2FA and multi-factor authentication.
Instead of receiving an SMS text message, email or notification on an authenticator app with an authentication code, the way you use a hardware security key is similar to how a regular key functions. You insert the key, usually the size of a thumb drive, into the USB port of your computer and that’s it — no need to enter anything else from that point on.
Security keys house a small chip with the security protocols and codes that allow it to connect with servers, websites, and apps and will verify your identity. Security keys essentially ‘communicate’ with the server and confirm you are who you say you are. The keys support an open-source universal standard called FIDO U2F, which was developed by Google and Yubico for physical authentication tokens.
You can think of a hardware key just like a hotel room key. When you visit the front desk to check-in, the front desk associate codes your key to your room. Once you insert the key into the door, the data on the key tells the locking mechanism you have permission to enter the room. Hardware security keys work in the same way.
Pros and Cons of Hardware Security Keys
As with most things in life, there are pros and cons to using a hardware security key. How do you know if they are a good choice to enhance cybersecurity at your business? Here are several points to consider:
- Convenience: Hardware security keys are incredibly easy to use. Most people working at a company in a role where they are required to use a computer are familiar with USB ports. Plus, you don’t need to install any extras like software or drivers and most people find hardware security keys are easier than using a password manager.
- Hassle-Free Recovery: Even if you lose your hardware security key, you don’t need to worry about being locked out of your accounts. Hardware security keys have a fallback number or code you can use until you can acquire a new key. Just be sure to keep your backup code in a safe place.
- Security: Hardware security keys are one of the most secure ways to protect your data. They cannot be reverse-engineered or intercepted and are a reliable choice.
- Phishing Proof: Even people who are aware of cybercrime and are cautious online can fall victim to phishing. Hackers are savvy and can lure users into sharing their passwords or online credentials. With hardware security keys, this risk is eliminated.
- Cost: Even though hardware security keys are relatively inexpensive, costs can add up for a large organization. Considering the costs of a cyberattack can reach tens of thousands of dollars for a small business, the cost of hardware security keys is a justified expense.
- Time/Learning Curve: Change can be a barrier to trying something new and different, particularly at an organization that hasn’t intentionally focused on cybersecurity. Hardware security keys, although easy to use, make take some time to be adopted by team members.
- Risk of Being Lost or Misplaced: Because of their size, hardware security keys can be misplaced or lost. A good way to keep track of your key is to attach it to your car keys or another keyring. After all, it is a ‘key’ and can be stored alongside other more traditional keys.
- Not Universally Supported: Most major websites support hardware security keys, but not all. While the technology is being rapidly adopted, some sites may not support them.
Best Security Keys on the Market
There are many hardware security keys on the market today for both business and personal use. Here are a few of our favorites for businesses that work with sensitive data like financials, customer information, and other highly confidential data.
- Yubico Security Key Series: The Yubico Security Key series is compatible with most of the online services that businesses use, including Google, Microsoft, Twitter, Facebook, GitHub, and Dropbox. It’s available for USB-C ports as the Yubico Security Key C NFC and for USB-A ports as the Yubico Security Key NFC. The Yubico Security Key series is also affordable at approximately $25 each, making it a budget-friendly choice for businesses.
- Yubico YubiKey 5 Series: The YubiKey 5 series is a step up from the Security Key series and supports a wider array of security protocols and is compatible with more online accounts. It also has more connection options including USB-A, USB-C, USB-C with NFC, and a dual-headed USB-C and Lightning-port model. Because this is an upgrade and provides additional features, the investment is higher at $45-$70 each, depending on which model you choose in the series.
- CryptoTrust OnlyKey: OnlyKey has a few interesting features that other hardware security keys lack, notably an onboard keypad that is used to enter a PIN, and a password manager. It supports several methods of two-factor authentication including FIDO 2 U2F, Yubico OTP, and TOTP. Other features include encrypted backup, self-destruct (which wipes the device after a certain number of incorrect PIN attempts), and the ability to update the firmware in order to access new features. The price for the OnlyKey is around $45.
- Kensington VeriMark: The Kensington VeriMark is FIDO U2F certified and offers a good balance of protocol support, cost, and most importantly, fingerprint scanning. The fingerprint technology combines biometric performance and 360° readability with anti-spoofing protection. The investment for this hardware security key is around $50 each.
Put Our Security Expertise to Work for Your Business
As a managed IT services provider, Everound has the expertise and experience to help you protect your business data from cyber threats. While not every business may need to invest in hardware security keys, it makes sense for companies that deal with sensitive customer data, financial records, and any information that could be tempting to steal.
If you are unsure if hardware security keys are a good fit for your business, reach out today for a free cybersecurity assessment. We can take a look at your network infrastructure and business processes to assess how vulnerable – or secure – your business is from a cyberattack.
Our cybersecurity assessments are free and there is no obligation to engage in our services. Complete our online form or give us a call to learn more. Let us focus on your IT so you can focus on your business.