A few weeks back, pymnts.com published a blog post about security keys. What caught our attention most was the cryptographically based security keys. There are many types of crypto keys, but we will focus on authorization keys. These come in a couple of types: symmetric and public (or private).
“Symmetric authentication keys are used with symmetric key algorithms to provide assurance of the integrity and source of messages, communication sessions, documents, or stored data.
A private (or public) authentication key is the private (or public) key of an asymmetric key pair that is used with a public-key algorithm to provide assurance as to the integrity and source of information and the identity of the originating entity when executing an authentication mechanism or when establishing an authenticated communication session.” This information is an excerpt from: www.cryptomathic.com
Crypto keys are one of the best ways to keep the bad guys out of your accounts. They have the best security, are nearly impossible to crack, and can remove any phishing problems. There is still the question of practicality, though. If you use a key to log onto your computer, you have to plug it in every time you wish to log on. For logging onto your computer alone, that is not necessarily a big problem.
If you had to use a cryptographic security key for everything, just imagine using one to log onto your computer, then another one for Gmail, and yet another one for Facebook. They could find a way to let you use the same key for everything; however, that reduces some of the safety. Even if the keys are nearly impossible to crack, once someone cracks one they have access to everything if you use one key for all of your personal accounts.
[Image: the Yubico YubiKey]
We believe that there could be a happy medium somewhere, but we are not quite sure where that medium is. Some two-step authenticators require you to receive a code on your phone by text message. This kind of authentication could work very well for you, and the people at Google even prefer this kind of authentication. If your phone is dead, lost, or you do not even own one, it suddenly becomes harder to get into anything you previously had access to. That would not be a bad thing, though it might become a hassle.
We will have to wait and see what the future holds. These kinds of security keys are not necessarily the newest thing on the market, but there is always a chance of innovation in everything.
If you would like to check out PYMNTS.com’s post, you can do so here: pymnts.com