The Saving Advice Forums - A classic personal finance community.

USB Security Keys

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    USB Security Keys

    While it's not directly savings related, security keys might assist in securing some of your on line accounts.

    I am currently experimenting with Yubikey. If you haven't heard of it before, it's a small device which you register with your accounts, then plug in the first time you log in from a new device. Even if someone steals your user name and password, with out the physical security key they can not get in.

    If you consider trying it, I would recommend purchasing two keys, in case you lose one. They have to be individually registered with each site. In my case, the first will be kept in my house, while the second will be maintained in a safety deposit box.

    Their are dozens of sites that use these, but at the moment the list is pretty limited in scope for me. They include: Google, Proton Mail, Facebook, Twitter, and Ebay. I was a bit disappointed that though my bank has an entire webpage devoted to online, two factor security, they currently don't have this as an option. Nor did my retirement accounts offer it. I do believe securing the email accounts though was still worth the cost.

    Cost are about $50 each. And beware, if you manage to loose your key it's going to be a bad day if you don't have a back up.
    Tags: None
  • #2
    I think I'd be more paranoid about something happening to the key than I would be about someone hacking my accounts.

    Do you only need to use the key one time or every time you log in? And what about when you log in from your phone?
    Steve

    * Despite the high cost of living, it remains very popular.
    * Why should I pay for my daughter's education when she already knows everything?
    * There are no shortcuts to anywhere worth going.

    Comment

    • #3
      This has largely been replaced by 2FA, or 2-factor authentication which should be a standard offering from banks and other web services that allow access to their sites.

      I would not pay for yet another service or an encumbrance such as a physical device that has to be carried. Been there, done that, for work, back in the days of carrying an RSA security token.
      History will judge the complicit.

      Comment

      • #4
        Originally posted by ua_guy View Post
        This has largely been replaced by 2FA, or 2-factor authentication which should be a standard offering from banks and other web services that allow access to their sites.
        Exactly. I'm not sure what this physical key accomplishes different than 2FA. I already have my phone with me at all times. I wouldn't want to have to carry the key thing too, and certainly wouldn't want to pay for it.
        Steve

        * Despite the high cost of living, it remains very popular.
        * Why should I pay for my daughter's education when she already knows everything?
        * There are no shortcuts to anywhere worth going.

        Comment

        • #5
          It is used the first time you log in from a new device. After that you're good, until you revoke that device as trusted, then you would need it again.

          For cell phones that have NFC enabled, you just need to hold it against the back of the phone and it is recognized. That said, I couldn't get my phone to pick it up (either my case is too thick or I don't have NFC automatically enabled). I do however have a USB-A to USB-C adaptor which worked just fine.

          The concern (paranoid or not) is that using text messages as your 2FA isn't as secure as you might think it is. Sim swapping is becoming a thing, where I go to your cell phone company, claim to be you and purchase a new phone in your name with your number. Additionally removing your cell phone number is one less method for Google or Facebook to track you buy.

          The additional level of online security and privacy may not be a priority for you. I am aware of two separate individuals who did have their social media (Facebook) accounts hacked. One believes it was an ex-girlfriend, while the second probably clicked a link in a scam email.

          Comment

          • #6
            Originally posted by myrdale View Post
            The additional level of online security and privacy may not be a priority for you. I am aware of two separate individuals who did have their social media (Facebook) accounts hacked. One believes it was an ex-girlfriend, while the second probably clicked a link in a scam email.
            Yeah, pretty much. I'm not that concerned about security and there is no such thing as privacy online. I know lots of people that have had social media accounts hacked. They changed their passwords and moved on. We've had credit cards and other accounts breached numerous times. We got new numbers, changed our passwords, and went on with our lives.
            Steve

            * Despite the high cost of living, it remains very popular.
            * Why should I pay for my daughter's education when she already knows everything?
            * There are no shortcuts to anywhere worth going.

            Comment

            • #7
              Originally posted by disneysteve View Post
              Yeah, pretty much. I'm not that concerned about security and there is no such thing as privacy online. I know lots of people that have had social media accounts hacked. They changed their passwords and moved on. We've had credit cards and other accounts breached numerous times. We got new numbers, changed our passwords, and went on with our lives.
              My debt card has only been breached once. I suspect it was a skimmer at a gas pump or a cashier at a restaurant. There are services which can issue virtual cards for making online payments, but that isn't going to help in daily scenarios.

              This type of technology will (or at least should) completely eliminate the ability to hack social media accounts.

              Absolute privacy online is probably a pipe dream, but in addition to the other privacy tools I've mentioned in the past, it is an attempt to reduce your foot print, even if you can't remove it all together.

              Comment

              • #8
                Originally posted by myrdale View Post
                There are services which can issue virtual cards for making online payments, but that isn't going to help in daily scenarios.
                ApplePay or the Google equivalent takes care of much of that. By paying with your watch or phone, there's no physical card, nothing for a thief to skim or copy or steal. Even if they get a hold of your phone, they would need the means to unlock it to access the credit card (password or facial recognition).

                My daughter just got an Apple credit card and they don't even send you a physical card unless you specifically request one. When you do get a card, it is completely blank - no name, no numbers, no expiration date, no security code.
                Steve

                * Despite the high cost of living, it remains very popular.
                * Why should I pay for my daughter's education when she already knows everything?
                * There are no shortcuts to anywhere worth going.

                Comment

                • #9
                  I won't say wanting extra security is paranoid. But for most people, it amounts to attempting to safeguard against a perceived level of risk which is much greater than reality.
                  History will judge the complicit.

                  Comment

                  • #10
                    Originally posted by ua_guy View Post
                    I won't say wanting extra security is paranoid. But for most people, it amounts to attempting to safeguard against a perceived level of risk which is much greater than reality.
                    That’s exactly my thought as well. I’m not nearly important or visible or well known enough to be actively targeted. As long as you’re aware of the common pitfalls & moderately careful with what you do online, a simple firewall, antivirus software, reasonably secure passwords (especially if paired with 2FA), and maybe a VPN (merely peace of mind … not really necessary) are fully adequate for most people’s needs.

                    A hack that’s going to mess with your life will have to be targeted, or you’re going to have to make a significant mistake (on the order of granting administrator rights or root access to malware). Exceptions exist, but you & I are small fries…. Not worth a capable hacker’s time.

                    Comment

                    • #11
                      Originally posted by kork13 View Post
                      A hack that’s going to mess with your life will have to be targeted, or you’re going to have to make a significant mistake (on the order of granting administrator rights or root access to malware). Exceptions exist, but you & I are small fries…. Not worth a capable hacker’s time.
                      I don't disagree.

                      But my understanding is, some attacks aren't targeted directly at you. Some company you're associated might get hacked and the list of user names and passwords leaked, then they take that list and try those login credentials at a banking site. Even then you may be one out of ten thousand people on that list.

                      Comment

                      Previous template Next
                      Working...
                      X