When you log into your account, you input a password, which is a special string of letters, numbers, and symbols that only you should know. But if you have been keeping up with my blog, you should know how easy it can be for your password to be compromised. Imagine if you had a special key that unlocked your account, and couldn’t be hacked. In addition to being completely hack-proof, the key would be physical, meaning that somebody who wanted to gain access to your account for malicious reasons would have to physically break into your house and steal the key.
The good news is, while hackers have been spending time getting better at hacking, the outside world has been improving on security to defend against those hackers. So now, I present to you the technology of U2F. This makes all of your security dreams come true.
What is U2F?
U2F (Universal Second Factor) is an authentication method that can be used in two-factor authentication. This means that you can configure your accounts so that somebody trying to log in needs both your password and the physical key. A U2F key is usually a USB device, but sometimes it can be a wireless NFC device.
U2F is also open source, which means you can take a look at the programming and algorithms behind it. That way, it is impossible for programmers to hide backdoors in their U2F programming. In fact, you can even make your own U2F key. If you are interested in making one, take a look at U2F Zero. If you decide to assemble the U2F Zero by yourself, all the components should cost around $5, although you’ll need some equipment to do it yourself. If you decide to buy it premade, you can do so on Amazon.
To log in with U2F, you would first type in your password. Then, insert your U2F key into your computer to log in. The downside of U2F currently is that not a lot of services support it. Google does, though, and think about how many times you have clicked “Sign in with Google.” So theoretically, U2F is supported by all the services that use Google as a login method (of which there are millions). This is yet another reason you should use U2F to secure your account; once someone gets into your Google account, they have access to everything.
U2F is really the best way to protect against phishing attacks.
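Why a U2F key resists phishing, shown as an added example that is not from the original post: a simplified model of the login exchange in which the browser records the site it is really on and the key signs over it. HMAC stands in for the ECDSA signature a real key produces, and the site names, classes and functions are made up for illustration.

```python
import hashlib, hmac, json, os
# Simplified model, added for illustration. Assumption: HMAC-SHA256 stands in for the
# ECDSA P-256 signature of a real key, so this server holds the key's secret.
SITE, LOOKALIKE = "https://accounts.example.com", "https://accounts.example.net"  # constructed

def sha256(data):
    return hashlib.sha256(data).digest()

class Key:
    def __init__(self):
        self.secret, self.counter = os.urandom(32), 0
    def sign(self, app_param, challenge_param):  # signs app || presence || counter || challenge
        self.counter += 1
        msg = app_param + b"\x01" + self.counter.to_bytes(4, "big") + challenge_param
        return self.counter, hmac.new(self.secret, msg, hashlib.sha256).digest()

def browser_sign(key, page_origin, challenge):
    # The browser, not the page, writes in the origin it is really on.
    client_data = json.dumps({"typ": "navigator.id.getAssertion",
                              "challenge": challenge, "origin": page_origin}).encode()
    counter, sig = key.sign(sha256(page_origin.encode()), sha256(client_data))
    return client_data, counter, sig

class Server:
    def __init__(self, origin, secret):
        self.origin, self.secret = origin, secret
        self.pending, self.last_counter = set(), 0
    def new_challenge(self):
        challenge = os.urandom(16).hex()
        self.pending.add(challenge)
        return challenge
    def verify(self, client_data, counter, sig):
        data = json.loads(client_data)
        if data["challenge"] not in self.pending:
            return "unknown or reused challenge"
        self.pending.discard(data["challenge"])  # each challenge is single-use
        if data["origin"] != self.origin:
            return "wrong origin"
        msg = sha256(self.origin.encode()) + b"\x01" + counter.to_bytes(4, "big") + sha256(client_data)
        expected = hmac.new(self.secret, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(sig, expected) or counter <= self.last_counter:
            return "bad signature or counter"
        self.last_counter = counter
        return "ok"

def demo():
    key = Key()
    server = Server(SITE, key.secret)  # stands in for registering the key
    return tuple(server.verify(*browser_sign(key, o, server.new_challenge())) for o in (SITE, LOOKALIKE))
```

Calling `demo()` returns the result for the real site followed by the result for the look-alike page.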
What is 2FA (Second Factor Authentication)?
Second Factor Authentication is essentially a second layer of security. If somebody uses 2FA, logging in as them requires both their password and immediate access to something they have on them. This item can be a phone or a U2F key. Usually, when 2FA is used, you enter a code that was sent to your phone via text message or an app. Then, you need to enter that code on the login page within a specific amount of time to unlock your account. When U2F is used, you insert a physical key instead of entering a code. So U2F is a way of doing 2FA. I hope that makes sense.
Why keep using passwords?
So now that you know about all the advantages that U2F provides, why not just use it instead of a password? The answer is simple. If you needed just one U2F key to log into all of your U2F accounts, all a hacker would need to break in would be that U2F key. If you think about it, having one U2F key would be like having one key for your house, car, bank, office, safe, bike, and everything else that has security. That is why U2F is just a second factor. It makes it impossible for somebody to log in unless they have access to both your password and U2F key. Unless you had a keyring with dozens of U2F keys, one for each of your accounts, you should keep your password.
Examples of U2F devices:
While U2F was created originally with Google and other tech giants, other companies are starting to create their own U2F devices. Here is a list of some of the devices.
HyperFIDO Titanium U2F Security Key: This key is made to be strong and durable, and can withstand spills and drops.
Thetis U2F Security Key: Although maybe not as durable as the HyperFIDO, this key is still durable. It looks like an ordinary flash drive, complete with the cover that slides over the USB.
Yubico U2F Security Key: This seems to be one of the popular options out there when it comes to U2F. Don’t let the minimalistic design fool you: Yubico claims that this key is crush-resistant and waterproof. There are also no moving parts to break off.
Yubico Yubikey NEO: This key is a special one. It features NFC security, meaning that you can even use it with your NFC-compatible phone. Just tap it to the back of your phone, and you are ready to go. It is, however, a little pricier than the others at a price of fifty dollars.
While there are many other off-brand keys to review, the one I really like is this one. It is also Amazon’s choice for U2F keys.
U2F Zero: This is the open source U2F key I mentioned earlier. It functions just like the other U2F keys out there. It is just a circuit board, which probably makes it weaker than the others. But it wouldn’t be too hard to 3D print a case for it…
So there you go. Now if you ever want to start using U2F (which you definitely should), you are equipped with all the knowledge that you need.