In 2021, New York City’s law department was hit by a cyberattack.
The hack forced officials to take the 1,000 lawyer agency offline to protect data.
City officials disconnected the law department’s computers after learning of the cyberattack.
New York City’s Law Department holds some of the city’s most sensitive data.
This includes criminal evidence, and arrest records. In addition, it has the medical records and personal data for thousands of city employees.
The cyberattack interrupted lawyers and disrupted court proceedings.
And all it took for a hacker to gain access to this data was a stolen email password.
But the hack could have been prevented if the Law Department simply used two-factor authentication.
Even though two-factor authentication is not hackproof, it’s more challenging for hackers.
In fact, in 2019, New York City required all city employees to use two-factor authentication, but that apparently did not happen with the law department employee.
These days, if you’re concerned about online security, you need to use more than a password.
Many websites offer two-factor authentication or biometric features, but even these can be hacked or bypassed.
This is why you should consider a physical security key.
A physical key is another way to verify your identity, and depending on the specific key it can be used with your computer and smartphone.
That said, here are a few reasons that physical security might be a good option for you to put in place.
A physical security key can make it easy to access an account compared to other methods.
For instance, with two-factor authentication, you have to check your email or look for a text message.
A physical security key is small, and can be carried on a keychain. The best thing is it’s a ready-to-use, plug-and-play device.
A physical security key needs to be registered to a website, which helps reduce the chances of a phishing attack.
Security keys use a security protocol that authorizes user access to each specific website.
When you insert a security key into your computer, your browser issues a challenge to the key.
This includes the domain of the website you are trying to access.
The key then signs and allows the website to log you in.
Since the keys are registered to the specific websites, it helps prevent any possibility of a data breach.
Single key for many uses:
Another advantage of a physical security key is that it can be used with different authentication standards.
For instance, if one website uses two-factor, but another website uses Universal Second Factor, the key can work with both.
Many organizations encourage their employees to use physical security keys.
This way, even if a hacker was to discover your password, they wouldn’t be able to sign in without the physical key.
And as long as the physical key is secure, the company data is protected.
A physical security key is a worthwhile investment for protecting your security.
Considering this, here are a few physical keys that you may wish to check out…
Yubico YubiKey 5 NFC:
The YubiKey 5 NFC is one of the best all-around physical security keys.
It works using USB-A or NFC to connect to your device. It can also work with USB-C connections with an adapter.
An advantage of the YubiKey 5 is that it’s compatible with many different services. This includes Google Chrome, Facebook, Dropbox, LastPass, and many others.
The YubiKey 5 is small, durable, and even waterproof.
Thetis Fido U2F Security Key:
The Thetis is one of the most cost effective security keys.
There is no Bluetooth connection for this key. It supports FIDO U2F security standards.
Yet as long as you are using Chrome or Opera as a web browser it should provide access to websites.
It works with Windows, macOS, and Linux.
The key has a compact folding design and an aluminum casing that protects the connector.
The OnlyKey is a physical security key and password manager in one.
The security key has a keypad that will keep accounts safe in case the computer or website is compromised.
The OnlyKey supports multiple security methods including FIDO 2 U2F, Yubico OTP, and TOTP.
OnlyKey is also a password manager.
It has an encrypted backup, plus a self-destruct feature. It wipes the device after several incorrect password attempts.
The bottom line is, physical security keys provide a higher level of security that can keep your devices and accounts safe.
You may have just gotten accustomed to two-factor authentication that sends an email or text to confirm your identity.
But a physical security key is much better.
Once the key connects to your device it grants you access, so you no longer have to wait for a code to be sent to your phone or email.
Physical keys are well worth the expense to make your data more secure.
At the end of the day, cyber hackers are a lot like street criminals. They go after easy targets and don’t waste their time.
A physical security key will likely make a hacker go after an easier target.