21, 2014 there is an exciting new answer to this question: Google Launched Security Key, World’s First Deployment of Fast Identity Online Universal Second Factor (FIDO U2F) Authentication. The question is what can you do about it? As of Oct. Of course this is old news, you already knew this. Not only is this problematic for the particular account hacked, but if you use the same password across multiple website accounts, you are vulnerable across all accounts that share the compromised password. Recent examples includeTarget, HomeDepot, Staples, and most notoriously, Apple’s iCloud service. If you’ve been watching the news at all recently, you have seen story after story breaking the news that yet another retailer or online service provider has had their database hacked compromising user accounts and their password information stolen.
Second, the browser sends the code directly to the website, so an attacker sitting in between can’t capture the temporary two-factor code and enter it on the real website to gain access to your account.Recent Hacks Putting Your Accounts at Risk First, the browser checks to ensure it’s communicating with the real website using encryption, so users won’t be tricked into entering their two-factor codes into fake phishing websites.
When you insert it into your computer’s USB port or tap it against your phone, the browser on your computer can communicate with the USB security key using secure encryption technology and provide the correct response that lets you log into a website.īecause this runs as part of the browser itself, this gives you some nice security improvements over typical two-factor authentication. It’s based on existing “smart card” security technology. Some of them have NFC support so they can be used with Android phones. Currently, U2F devices are usually small USB devices that you insert in your computer’s USB port.
0 kommentar(er)
