Are you tired of unlocking your phone or computer a hundred times a day? Would you like to login to all your favorite websites with a single tap, and never remember another password? That’s the promise of hardware security keys. Let’s take a look at the current offerings, and you can decide if one is right for you…
You Might Want One of These On Your Keychain
Last summer, “hardware authentication” was briefly buzz-worthy thanks to Google’s announcement of the Titan Security Key. It was pretty impressive to read that 85,000 Google employees who used Titan went a whole year without a single compromised account. Google urged everyone to upgrade to hack-proof hardware authentication. Today, you can buy the Titan Security Key for $50 in the Google Store.
Unfortunately, it doesn’t look like many consumers are buying Titan, or any of its competitors. Whether the problem is cost, convenience (another thing on a keychain), or apathy to security concerns, hardware gadgets like Titan and the Yubico YubiKey just have not caught on among private citizens. But that hasn’t prevented the rise of many copycat products, some of dubious quality.
Yubico, the leader of this small, slow-moving pack, has at least seven YubiKey products for various applications. The classic YubiKey 4 ($40 on Amazon) gets a 4-star rating average from 286 customers, making it the most popular model by far among Amazon shoppers. The YubiKey works with Gmail, Facebook, Dropbox, Twitter, Dashlane, LastPass and “hundreds of other services.” It’s also touted as waterproof, and crush resistant. Just plug YubiKey 4 into a computer’s USB port and tap the gold circle to activate. If you don’t want something that big on your keychain, the $50 YubiKey 5 Nano, works the same and is about the size of a dime.
The EveryKey wants to replace not only your passwords but also the heavy, noisy mass of metal keys you carry everywhere. Everykey generates secure passwords for your website accounts, and will unlock them with one touch. It also promises to unlock your phone, laptop, and at some time in the future, your house and car, as long as they have Bluetooth capability. When your Everykey is close to one of your devices, you can access it without a password. When you walk away, your device locks back down.
And yes, that’s antivirus pioneer John McAfee on EveryKey’s home page and in its video. McAfee claims he founded EveryKey in 2015, but fundraising for the venture seems to have started as much as three years earlier. EveryKey’s original $99.99 price has eroded to $59.20 on Amazon, where it has a 2.5 star rating average from only 22 customers.
The Fetian ePass NFC FIDO U2F Security Key ($16.99 on Amazon) sounds like a mouthful of acronym soup, but it’s not hard to parse. “NFC” means it works with Near Field Communication, the protocol that enables tap-and-go payments via smart cards or phones. “FIDO” is the Fast ID Online set of security standards developed by nearly 300 members of the FIDO Alliance to ensure interoperability. “U2F” is the Universal 2-Factor authentication standard developed by Google and Yubico. Customers give the ePass 3.5 stars. Complaints among a total of 89 reviews include dead-on-arrival units, another that failed after five months, and no tamper-proof packaging.
The Thetis Security Key ($16.95 on Amazon, is also FIDO and U2F compliant, and gets an impressive 4.5 stars from 181 customers. Unlike pricier products that leave delicate gold-plated contacts exposed, the Thetis’ rugged, foldable design guards against mishaps.
A Thetis reviewer made an interesting observation: “Technically, very few sites supports U2F protocol, BUT Google and Facebook are INCLUDED. And, as you know, Google and Facebook provides authentication for millions of sites. So, using U2F for Google and Facebook and using them for authentication covers, literally, millions of sites.” I guess he’s OK with Google and Facebook tracking every site he visits.
The cheapest gadget definitely looks the part. The U2F Zero is no more than a bare circuit board, probably hand-made to order by a geek named “Conor” at his kitchen table. But it’s U2F compatible, gets 4.0 stars from 60 reviewers, and it’s only $9.86.
Even though they seem handy, I think it unlikely that hardware authenticators will ever catch on as aftermarket purchases. Even the bare-bones U2F Zero is ten bucks that most people won’t spend to replace free passwords. But these devices may find their way into OEM devices, becoming a standard “accessory” just like a phone charger.
Are you interested in a hardware security key that can manage your logins, and unlock your gadgets? I personally have many passwords for many programs, websites, cellphone, computers and forget passwords on accounts in secondlife so much I purchased and use YubiKey for all. Of course keeping your passwords secure is always the key and changing them often helps in this. In weeks to come we will cover the how to on passwords and updates with these keys.
Have a great week