Skip to content
Deep Core Data Logo
  • Home
  • About
    • Careers
    • Case Studies
      • Case Study: Research and Development
      • Case Study: Electronics Manufacturing
      • Case Study: Technical Services
      • Case Study: Financial Advice
    • In the News
    • Testimonials
  • Services & Solutions
    • Managed Services
    • Server Hosting and Maintenance Services
    • Legacy System Adoption
    • Business Process Automation
  • Blog
  • Contact
  • Portal
  • Home
  • About
    • Careers
    • Case Studies
      • Case Study: Research and Development
      • Case Study: Electronics Manufacturing
      • Case Study: Technical Services
      • Case Study: Financial Advice
    • In the News
    • Testimonials
  • Services & Solutions
    • Managed Services
    • Server Hosting and Maintenance Services
    • Legacy System Adoption
    • Business Process Automation
  • Blog
  • Contact
  • Portal
Previous Next
Can Security Keys Prevent Phishing?

Can Security Keys Prevent Phishing?

Look out, phishermen, there is a hot new cybersecurity tool on the market called a security key, and it aims to foil the plans of nefarious hackers everywhere.

This Tuesday, Google revealed that since they issued company-wide security keys in 2017, they haven’t had a single phishing incident. Which is great considering just how much of the internet runs on Google these days, but then, I would hope that Google’s employees are smart enough to recognize phishing scams when they encounter them. But what are security keys? How do they work and what makes them more secure than two-factor authentication?

To begin with, security keys are devices roughly the size and shape of a USB stick that transmits a Universal 2nd Factor (U2F) authentication code when users push a button on the device. There are even instances where these devices can be linked to a website with U2F authentication enabled and completely eliminate the need for a password. Unfortunately, not many websites have U2F authentication enabled, but now that Google is singing its praises, I’m sure many other websites soon jump on the bandwagon.

Here’s the thing: having a security key doesn’t prevent you from falling for phishing schemes. Your password data can still be stolen. What it does is act as a roadblock so that if a malicious party does get ahold of your password, they are unable to access your accounts, just like two-factor authentication. What makes U2F authentication and security keys different is that the code authorizing access comes directly from a device in your possession, and is not sent by the website itself.

You see, in recent years, hackers and other malicious parties have developed work arounds for two-factor authentication, whether that’s by intercepting the code as it is sent to a device or email, or by exploiting password recovery systems.

This infographic from wavesys.com explains in a little more detail how different forms of authentication work.

The thing is, this technology isn’t really all that new. For example, the video game company, Blizzard, has been offering security keys for $5 since 2008, and Google itself has been offering a security key since 2014.  Back then, it only worked on the Chrome browser, so the technology has definitely improved, but if they’re so good at protecting online accounts, why don’t more people have them? Is it a lack of advertising? Perhaps, but I think the answer is a lot more simple.

It’s a physical device, and a small one at that. On their own they’re easy to lose, and while many purveyors of security keys recommend attaching them to your keychain, just think about how many hours you spend a week, wandering around your house, looking for your keys. Yes, there are systems in place to recover your account in the event you lose a key or it gets stolen, but they vary from site to site, and can take up quite a bit of time as you attempt to prove your identity.

An actual picture of me and my friends, trying to find my keys.

Personally, I am not all that inclined towards purchasing a physical product to solve a problem that can be avoided by employing a little bit of due diligence and being suspicious of strange links. Luckily, there are a number of phone apps such as the Google Authenticator available that work in a very similar fashion. They’re a little less secure than the USB stick variety of security keys, but I am a lot less inclined towards losing my cell phone.

Either way, black hat hackers are going to have a harder time getting into your personal accounts, whether you chose to invest in a USB security or take the phone app route. The state of cybersecurity is changing, and it looks like it’s in our favor. So take that, hackers! Your days of terrorizing the internet are nearly over!

Andrew Sonstrom2018-07-26T11:59:44-04:00July 26th, 2018|Business Practices, Current Technology|

Share This Story, Choose Your Platform!

FacebookTwitterLinkedInGoogle+Email

About the Author: Andrew Sonstrom

Andrew is a technical writer for Deep Core Data. He has been writing creatively for 10 years, and has a strong background in graphic design. He enjoys reading blogs about the quirks and foibles of technology, gadgetry, and writing tips.

Leave A Comment Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Categories

Recent Posts

  • IT Solutions for Weathering a Downturn
  • Why Does Rebooting Fix So Many Problems?
  • 3 Ways to Get a Handle on Pesky Scam Emails at Your Company
  • Why Turning On Number Matching Is Now Urgent
  • Better Authentication Options in 2022

Past Posts

Deep Core Data

180 Elm Street
Suite 05-210
Waltham, MA 02453

Phone: +1 (844) 567-3100

Email: inquiries@deepcoredata.com

  • Recent
  • IT Solutions for Weathering a Downturn
    November 16th, 2022
  • Why Does Rebooting Fix So Many Problems?
    November 2nd, 2022
  • 3 Ways to Get a Handle on Pesky Scam Emails at Your Company
    October 19th, 2022

Subscribe to Our Blog

Join and receive FREE
"Developer's Checklist: Creating World-Class Software"


Quick Links

  • Home
  • About
  • Careers
  • Services and Solutions
  • The DCD Blog
  • Contact Us
  • Managed Services Provider
  • Local Waltham-Area MSP
  • Managed Services
  • The Project Tasks System
  • Touchless IT
  • Testimonials
  • Case Studies
  • Case Study: Financial Advice
  • Case Study: Technical Services
  • Case Study: Electronics Manufacturing
  • Case Study: Research and Development

Services

  • Archaeology Services
  • Data Recycling
  • External IT Auditing
  • Software Deployment

Subscribe to Our Blog

Join and receive FREE
"Developer's Checklist: Creating World-Class Software"


  • Recent
  • IT Solutions for Weathering a Downturn
    November 16th, 2022
  • Why Does Rebooting Fix So Many Problems?
    November 2nd, 2022
  • 3 Ways to Get a Handle on Pesky Scam Emails at Your Company
    October 19th, 2022

Subscribe to the Core Report

Enter your email address to subscribe to our newsletter and receive a new issue each month.


Copyright 2017 Deep Core Data, LLC© | All Rights Reserved | Wildwood SEO
Twitter