In 2022, if one thing has been proven, it has been made very clear that not all multi-factor authentication (MFA) is created equal. Vulnerabilities with legacy forms of MFA, such as SMS, TOTPs, and mobile-based apps, continue to be the target and victims of data breaches, with attackers taking aim in record numbers in 2022. For companies like Cloudflare that were targeted and escaped attacks, they have one thing in common – they protect their digital footprint with phishing-resistant MFA in the form of modern, FIDO-based authentication with security keys. The success of hardware security keys isn’t new and can go traced back to Google instituting FIDO U2F internally with a perfect success rate of protecting against account compromise due to phishing.
We believe (as do our customers) that every app and service should allow for the option of hardware security keys for MFA. While support continues to grow, there are some apps and services that have introduced the highest level of advanced authentication – enhancing security by allowing access to accounts with only security keys, and turning off other authentication methods for access.
For those at high risk and enterprise alike, this is an extremely important level of protection. This high-assurance security model is currently available for Google, Twitter, and with Apple’s announcement last week, coming soon for Apple and iCloud accounts.
Google Advanced Protection Program and Security Key Announcement
For some background of how this has evolved, in October 2017, Google introduced the Advanced Protection Program – designed particularly for their users who would be at a higher risk of targeted online attacks, such as political figures, celebrities, journalists and much more. This protection reached the full Google platform, from consumer email, Youtube channels and content creators (protect your content) to the enterprise with Google Workspaces (protect your workforce).
According to Google, Advanced Protection provides “The strongest defense against phishing: Advanced Protection requires the use of Security Keys to sign into your account. Security Keys are small USB or wireless devices and have long been considered the most secure version of 2-Step Verification, and the best protection against phishing. They use public-key cryptography and digital signatures to prove to Google that it’s really you. An attacker who doesn’t have your Security Key is automatically blocked, even if they have your password.”
Twitter Security Key Announcement
Protecting your brand and communications on social media is critical, whether a celebrity, enterprise, or political figure, having your account hacked could be devastating. In June 2021, Twitter followed suit and announced that they also introduced enhanced security with hardware security keys for Twitter accounts (also highlighting that year how they successfully rolled out YubiKeys internally).
According to Twitter at the time of the announcement, “Today, we’re adding the option to use security keys as your sole 2FA method — meaning you can enroll one or more security keys as the only form of 2FA on your Twitter account without a backup 2FA method. We know this is important to people because not everyone is able to have a backup 2FA method or wants to share their phone number with us. With this update, we want everyone to feel empowered to enable security keys to better secure their Twitter account.”
Apple Security Key Announcement
And just last week, Apple announced that they are joining this motion. As part of their move to advance security with new data protections, they will soon be introducing Security Key support for Apple IDs, accounts, and iCloud.
According to the announcement regarding security keys, “Apple introduced two-factor authentication for Apple ID in 2015. Today, with more than 95 percent of active iCloud accounts using this protection, it is the most widely used two-factor account security system in the world that we’re aware of. Now with Security Keys, users will have the choice to make use of third-party hardware security keys to enhance this protection.”
“This feature is designed for users who, often due to their public profile, face concerted threats to their online accounts, such as celebrities, journalists, and members of government. For users who opt in, Security Keys strengthens Apple’s two-factor authentication by requiring a hardware security key as one of the two factors. This takes our two-factor authentication even further, preventing even an advanced attacker from obtaining a user’s second factor in a phishing scam.”
(image courtesy of Apple Newsroom 12.7.22)
We applaud Google, Twitter, and Apple for helping to drive adoption of security keys and FIDO-based authentication. We’re excited to see what 2023 has in store for cybersecurity. Whether that’s more innovation, and a move away from passwords altogether with the adoption of passkeys or more apps and services allowing for advanced protection, it has become apparent that authentication will continue to be a top priority both for security leaders as well as in the boardroom.
For any individual user, or enterprises that require high assurance authentication, we highly recommend taking advantage of these features with hardware-based, YubiKey authentication.
Do you use apps and services that you wish offered advanced protection with YubiKeys? Let them know!
VaultumCity is the best trusted place to select and buy your best Yubikeys, Vaultumcity free ship all yubikeys, Vaultumcity is reseller distributor of yubikeys so you can find cheapest best yubikey in Vaultumcity. If you are looking for best Yubikeys in Singapore at VaultumCity website online store.
The shop that sells yubikeys is https://vaultumcity.com/product-category/yubikey/
Our delivers are from Singapore, distribute globally. Buying Yubikey in Vaultum to have best customer and after sales services. All Yubikeys sold at Vaultumcity are quality guaranteed. Please place a large amount order to have great discount for reseller. Contact Vaultumcity at https://vaultumcity.com/contact/ whenever you have any issue with your yubikeys. Buying yubikeys at Vaultumcity to have best newest yubikeys free shipped to your door, FIDO2 U2F SECURITY KEY C NFC, FIDO2 U2F SECURITY KEY NFC, YubiKey 5 Nano, YUBIKEY 5 NFC, YubiKey 5C, YubiKey 5C nano, YubiKey 5C NFC, YUBIKEY 5Ci, YubiKey Bio – FIDO Edition. Yubikeys are best most secure tools for two-factor authentication. You can also buy yubikeys form Malaysia, Yubikey Malaysia is being sold at Vaultumcity with great price and free ship, you have it fastest, just in few days because we’re here in Singapore.
If you are looking for yubikeys in Indonesia, Vaultumcity is a great place to buy yubikey Indonesia, you can have yubikeys to protect your logins in just few days. Vaultumcity ship your yubikeys to your home in Thailand, to help ensure your data is safe and secured.
What about South Korea, Vaultumcity bring your yubikeys to your home in South Korea free-shipped.
Vaultumcity also delivers yubikeys to Japan, any province or city to your hands. Check out and grab your best suited yubikey today at VaultumCity.