This tiny Google product could help secure your accounts



You may have heard about a weird new product from Google: a little device called the Titan Security Key that will serve as a form of two-factor authentication. That means you would use the gizmo as part of a login process to verify that you are, in fact, you. Instead of getting a text message with a code, you plug the security key into your computer and press a button.



You can’t buy one of these yet (Google says it will be available to the general public “soon”), but the announcement is a good reminder that setting up two-factor authentication on your accounts is one of the easiest ways to keep your info private—even if your username and password are compromised.



“We see consistently that in a large percentage of cyber incidents, had individuals had some sort of multi-factor authentication, they would have at least delayed—or made it slightly harder—for attackers to gain access,” says Oren Falkowitz, the CEO of Area 1 Security, a firm that helps prevent phishing attacks.



In short: using two-factor authentication is smart, but a physical key isn’t your only option.



Text me?



Security experts say that receiving a code by text is the weakest of the two-factor options. Getting verification via text is pretty simple: you try to log onto an account, but first have to enter a code that’s sent to your phone. It’s easy to set up and understand—and certainly better than nothing—but the method has its flaws.



“I would say SMS is by far the worst,” says Lorrie Faith Cranor, a professor of computer science at Carnegie Mellon University and a former chief technologist with the Federal Trade Commission. “[That’s] because SMS relies on an insecure channel in the phone network that was never meant to be used for security.”



Besides the fact that the channel isn’t secure, a related problem with using SMS to receive a code is “account hijacking,” Cranor says. In that case, an attacker may use a tactic like this: they’ll go to a phone store, pretend to be someone else, and have the victim’s phone number transferred to a new phone.



This could lead to unpleasant scenarios like an attacker withdrawing money from a victim’s bank account, Cranor says. “We’ve also seen it where they go to the victim’s Twitter account, and then start tweeting as them,” she adds.


Actually, don’t text me



Security experts say that there are better options than just getting that code texted to you, though. One of those is using an app like Authy, or another called Google Authenticator, to generate the six-digit number you need. Those codes expire after a set amount of time, like a self-destructing message on Mission: Impossible.



And then, of course, there’s using a gadget that you plug into your computer or connect via Bluetooth. One well-known choice is a YubiKey, and another is the forthcoming item from Google. “It’s very hard to circumvent a physical security token,” says Amine Hambaba, senior director for security at Shape Security. That’s because if a remote attacker had access to your username and password, they still would need to get their hands on a tangible object.



Google says that they’ve had success using them internally. “We have had no reported or confirmed account takeovers since implementing security keys at Google,” a company spokesperson says via email. And the Titan key doesn’t work with just Google accounts—you can also use it with other accounts that support using a security key.



Ultimately, a physical key is a strong way to secure an account, but it’s not a shield against all online threats. Having one won’t stop you from downloading a malicious file, for example. And there are obvious drawbacks to using a physical object for authentication.



“I think it’s good for security,” says Cranor, of CMU. “But it’s not always the most convenient approach.” That’s because you have to carry it with you to actually use it, like an old-school house key. “It’s another thing to have to keep track of, and manipulate,” she adds.



Whether or not you plan on buying a Google key, it makes sense to turn on two-factor authentication on key accounts that allow it—head over to sites like Facebook and Gmail and do it now.





Written By Rob Verger
