By now you’ve probably heard you should be using two-factor authentication, often called 2FA, to log in to your accounts. If you’re using 2FA, you need an additional code to access your email, Facebook or other accounts. This is often sent via SMS, which may not be the most secure.
For instance, if you request a texted code, it could be intercepted by someone snooping on your mobile network or a hacker who has convinced a mobile operator to redirect your phone number. Further, when you don’t have cell service, you can’t get the text.
YubiKey, created by Yubico, is one solution. The $18 key connects to a USB port on your computer and tells a service, like Gmail, that you are you.
You simply plug it into your computer, touch it and your identity is authenticated. It automatically creates a one-time-use password to log in to an account, and because it’s a physical key, data can’t be intercepted in transit.
Security researchers say Yubikey is the best method to protect yourself from phishing, a common tactic that tricks a person into thinking a malicious message was sent by someone they trust.
Usually phishing attacks are used to gain access to your personal information, like emails or bank accounts.
Facebook added support for the security key in January.
“We added support for U2F Security Keys because they offer the best possible account protection against the potential risk of phishing,” Facebook security engineer Brad Hill said in a statement to CNN Tech.
It takes just minutes to set it up with services like Facebook and Gmail, which let you add it under Security Settings.
“Security is the biggest issue on the internet,” Yubico CEO Stina Ehrensvard said. “For the internet to be secure … it should be the users who own and monitor and control what data they want to provide.”