Simply put, usernames and passwords alone are no longer a secure way to access your accounts. Passwords can easily be stolen through a wide variety of methods, including standard malware, keyloggers, packet inspection over unsecured connections, phishing, and so much more. This is the problem that 2FA tries to solve, by adding an extra authentication point to prove it’s actually you. It is almost like a second, super-secret password, except that this password changes every 30 seconds and only you have access to it, sometimes through a physical device such as a phone or a USB Security Key.
Another option for your second authentication point, or your “second password”, is a USB Security Key. Instead of relying on an auto-generated code or an SMS with a code, you use the security key itself. Each security key has an individualized secure chip which performs cryptographic functions, meaning only your key can be used to complete the cryptographic challenge and finish the login process. This gets a little complex the further you delve into it, but know that legitimate FIDO U2F Security Keys are a safe way to authenticate yourself.
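The cryptographic challenge described above, as an added example that is not from the original article or from the FIDO specifications: a simplified Node.js model of a U2F-style login, showing why a response only works with your key, on the real site, for one login attempt. The function names, result strings and message layout are assumptions made for illustration; real U2F also involves key handles, a user-presence flag and attestation, which are left out.

```javascript
const nodeCrypto = require('node:crypto');

const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();
const u32 = (n) => { const b = Buffer.alloc(4); b.writeUInt32BE(n); return b; };

// Bytes that get signed: the site identity, a use counter, and the challenge context.
const signedBytes = (origin, counter, clientData) =>
  Buffer.concat([sha256(origin), u32(counter), sha256(clientData)]);

// Stand-in for the key's secure chip: the private key never leaves this closure.
function makeSecurityKey() {
  const { publicKey, privateKey } =
    nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  let counter = 0;
  return {
    publicKey, // given to the site once, at registration
    // `origin` comes from the browser (the page actually open), not from the user.
    sign(origin, challenge) {
      counter += 1;
      const clientData = JSON.stringify({ origin, challenge: challenge.toString('base64') });
      const signature =
        nodeCrypto.sign('sha256', signedBytes(origin, counter, clientData), privateKey);
      return { clientData, counter, signature };
    },
  };
}

// The site stores only the public key and issues a fresh random challenge per login.
function makeSite(origin, publicKey) {
  let pending = null;
  let lastCounter = 0;
  return {
    newChallenge() { pending = nodeCrypto.randomBytes(32); return pending; },
    verify({ clientData, counter, signature }) {
      if (!pending) return 'no-pending-challenge';
      const expected = pending.toString('base64');
      pending = null; // each challenge is single use
      const seen = JSON.parse(clientData);
      if (seen.origin !== origin) return 'wrong-origin';
      if (seen.challenge !== expected) return 'wrong-challenge';
      const data = signedBytes(origin, counter, clientData);
      if (!nodeCrypto.verify('sha256', data, publicKey, signature)) return 'bad-signature';
      if (counter <= lastCounter) return 'counter-went-backwards';
      lastCounter = counter;
      return 'ok';
    },
  };
}
```

Because the signed bytes include the origin and the site's one-time challenge, a response captured earlier or produced on a look-alike page is rejected by the real site, which is what a stolen password or a phished 30-second code cannot offer.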
It’s important to make sure you buy a legitimate FIDO compliant U2F key. Yubico is a trusted brand in the industry when it comes to FIDO compliant keys. You can purchase a Yubico key on Amazon for fairly cheap.
Popular services that support security keys include Google, Facebook, Dropbox, Salesforce, and GitHub, with others following suit.
Adding a Security Key for Facebook or Google
To set up your Security Key with Facebook, go to your Settings Page > Security & Login > Setting Up Extra Security > under Security Keys, press Add Key.
To add a security key to your Google account, visit their 2-Step Verification page > click Add Security Key > and follow their on-screen instructions.
You will have to determine if a security key will work for you. For one, you might have to carry it around wherever you go if you are required to sign in to machines you don’t usually use. Secondly, losing a security key can be an issue, especially if you don’t have backup codes or other methods for secondary authentication already in place. If a security key does work for you, it can be a very quick, safe, and easy way to authenticate yourself.