Q: How do USB security keys work and should I get one?
A: Your online assets have long been a major target for hackers, and generally speaking, the only thing keeping them out of your accounts is your passwords.
Weak passwords are no match for today’s hacking technology, as high-speed cracking systems can crack any 8-character password in just over 1 minute.
Even if you create a long complex password, it can be compromised through data breaches at any of the companies you do business with online.
The black market for "known passwords" is thriving because hackers know that people tend to use the same passwords across so many of their online accounts.
Because a password alone provides very little security these days, the addition of a second form of authentication became popular years ago as smartphones became ubiquitous.
It’s akin to the two factors necessary when using your debit card at an ATM. You need the physical card AND the associated PIN.
Activating two-factor authentication (2FA) on all your online accounts means that whenever an online service detects that your username and password are used from a location or device that’s never been seen before, a special code is sent to the registered phone number. The code is required to access the account; it's the second form of authentication.
This means that a cyber-thief needs to steal both your password and your smartphone in order to gain access.
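The login flow described above, sketched as an added example that is not part of the original column or any real service's code. The class name, the device identifier strings, the `send_sms` callback, the 5-minute lifetime and the 3-guess limit are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 300      # assumed: a code is valid for 5 minutes
MAX_ATTEMPTS = 3    # assumed: wrong guesses allowed before the code is voided

class LoginService:
    """Password login that asks for a texted code on a never-seen device."""
    def __init__(self, send_sms):
        self.send_sms = send_sms   # callback(phone, code); stands in for an SMS gateway
        self.users = {}            # username -> account record
        self.pending = {}          # (username, device) -> [code, expiry, guesses left]

    @staticmethod
    def _kdf(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password, phone, device):
        salt = secrets.token_bytes(16)
        self.users[username] = {"salt": salt, "hash": self._kdf(password, salt),
                                "phone": phone, "devices": {device}}

    def login(self, username, password, device):
        user = self.users.get(username)
        if user is None:
            return "denied"
        if not hmac.compare_digest(user["hash"], self._kdf(password, user["salt"])):
            return "denied"
        if device in user["devices"]:
            return "ok"            # right password on a device seen before
        code = f"{secrets.randbelow(10**6):06d}"
        self.pending[(username, device)] = [code, time.time() + CODE_TTL, MAX_ATTEMPTS]
        self.send_sms(user["phone"], code)   # goes to the registered number only
        return "code_required"

    def verify_code(self, username, device, code):
        key = (username, device)
        entry = self.pending.get(key)
        if entry is None or time.time() > entry[1]:
            self.pending.pop(key, None)      # unknown or expired code
            return "denied"
        if hmac.compare_digest(entry[0].encode(), code.encode()):
            del self.pending[key]            # a code works once
            self.users[username]["devices"].add(device)
            return "ok"
        entry[2] -= 1                        # count the wrong guess
        if entry[2] <= 0:
            del self.pending[key]            # too many guesses: void the code
        return "denied"
```

The second check proves only that the person logging in can read texts sent to the registered number, so the security of the account rests on who controls that number.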
The popularity of using two-factor authentication with smartphones has led to various exploits that defeat this extra layer of protection, including SIM swapping or SIM hijacking.
By taking over control of your phone number, hackers can have the special code sent to a phone that they have in their possession.
They’ve also become very good at fooling victims by calling them posing as an organization that claims to have detected a break-in and wants to verify that the victim is the actual owner of the account.
They’ll tell the victim that they will be getting a special code on their smartphone that they need them to read back to "verify" that they are the authentic owner. Of course, reading back the code allows the remote hacker into the account because they are at the screen that is asking for the code on their computer.
USB security keys
Since the bad guys have found easy ways to sidestep the security that smartphone-based two-factor authentication offers, a higher level of security has surfaced in the form of the USB key.
Instead of using a smartphone as the second form of authentication, you would use a special USB key on your computer, smartphone or tablet. Such a key costs between $20 and $50.
Once you set it up, a USB security key connected to your device is required in order to gain access to the protected accounts.
Of course, there are backup methods to allow you in should you lose your USB key. Be sure to set that up if you plan on going the USB key route.