The U2F security key was created in order to provide increased security for connecting to user accounts. Google, Facebook, WordPress, etc., are services containing various types of personal data, such as photos or private discussions that are not intended for public disclosure.
A single password may be sufficient for people who occasionally use these services, along with double authentication (i.e. 2FA, also known as Two Factor Authentication, as popularized by Google Authenticator) whose use has expanded across various platforms. But the most experienced should start using a U2F key in order to ensure total protection of their computer accounts, whether they are social media, online file storage or otherwise.
How does a U2F key work?
Its shape is identical to a traditional USB flash drive, except the device contains no data. It actually contains a single secure chip that allows the person using it to access their account. In a certain sense, it’s like the key to a safe that there’s only one of in existence – no duplication is possible.
The proper functioning of this USB drive is based on the Universal Second Factor protocol, also abbreviated as FIDO U2F. This IT standard was developed by three companies: Google (with Google Titan), Yubico (with Yubikey NEO) and NXP. NXP also invented NFC chips. The U2F standard has been since handed over to the FIDO Alliance, which encompasses several IT companies.
What are the advantages and disadvantages of the U2F key?
Total security: Only the person who holds the U2F key can connect to the associated account using the password. Security is therefore taken to a higher level by completely restricting access to user accounts. A password is not enough in itself; the U2F key is needed. Only the person possessing these two means of authentication can access the intended account.
Ease of use: When you buy a U2F security key, you simply link it to a compatible computer service. Once it’s set up, which takes very little time, there’s nothing more to do than connect the key to the computer when you need to authenticate to a site. You simply push the button on the key to verify the authentication. It’s extremely easy to use, and only takes a few additional seconds, but it ensures a higher level of security.
An additional step: Connection to an internet service is now subject to authentication by a U2F security key, so you must remember to bring it with you at all times. If you forget to bring it, you can’t connect to your account. On the other hand, if your security key is permanently lost, a backup solution is automatically requested during configuration. It is nevertheless suggested that you have two keys: one attached to your key chain and another that’s kept in a separate place just in case (a safe, or another place in your home…).
An initial investment: U2F security keys cost money, of course, but it’s not that much compared to the value they provide. They start out at around ten euros, and can cost up to around fifty euros. The features vary according to price, with the most expensive keys offering other options, such as NFC chips. When you think about it, fifty euros to reduce your chances of being hacked to practically nothing…you could say it’s a real bargain!
What are some of the U2F keys currently on the market?
Several dozen are available. Hypersecu offers the most affordable keys on the market, at less than ten euros. The features are very basic since it’s a just mini key with a small button to verify authentication.
Yubico has developed security keys which fit various types of USB ports. Another brand that’s very popular, Chipnet has the most expensive keys, but they offer the most features, such as NFC chips.
Which sites are currently compatible with U2F keys?
Several dozen sites now allow connection with a U2F key. Among them are all Google services (such as Gmail, Drive, Hangouts and Google+), Facebook, Twitter, Dashlane, Dropbox and WordPress.
The list is constantly updated based on the evolution of sites and their policies. Go to the support section on the sites you use to find out if connection with a security key is available.