![]() ![]() ![]() So, it was with interest this summer that I observed Google announce its Titan Security Key, a tiny USB device (or Bluetooth version for mobile devices) offering hardware-based two-factor authentication (2FA) for online accounts. Yubico isn’t aware of any attacks that have abused this, but the company is proactively replacing affected devices.As a regular online, not to mention a mild cynic, I like to see myself as having a 'fortress mentality' when it comes to my own data protection, data privacy, and online privacy. These devices are just for government agencies and contractors- we don’t recommend FIPS unless you’re legally required to use it. Yubico’s issue only affects YubiKey FIPS Series devices-not any consumer devices. As Yubico’s security advisory explains, these keys have insufficient randomness after device powerup, which could make their encryption vulnerable. Each has had to recall some security keys due to hardware flaws. RELATED: How to Secure Your Accounts With a U2F Key or YubiKey Why Have Google and Yubico Recalled Keys? Yubicoīoth Yubico and Google have been in the news lately. With Google’s optional Advanced Protection program, you can even require a physical security key to log into your account. You can use your key as a hardware security token to sign into accounts like your Google, Facebook, Dropbox, and GitHub accounts. They function as another type of two-factor authentication: Rather than a code you type in, it’s a physical security key you insert into a USB port-or it can communicate wirelessly via NFC (near-field communication) or Bluetooth. ![]() Physical security keys like Google’s Titan Security Key and Yubico’s YubiKeys use the WebAuthn standard, the successor to U2F, to help protect your accounts. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |