Skip to main content

The lowdown on USB security keys

Q: How do USB security keys work, and should I get one?

A: Your online assets have long been one of the major targets of hackers, and, generally speaking, the only thing keeping them out of your accounts is your passwords.

Weak passwords are no match for today’s hacking technology: High-speed cracking systems can crack any 8-character password in just over a minute.

Even if you create a long, complex password, it can be compromised through data breaches at any of the companies you do business with online.

The black market for known passwords is thriving, because hackers know that people tend to use the same passwords across so many of their online accounts.

2-factor authentication, and ways to beat it

Since a password alone provides very little security these days, the addition of a second form of authentication became popular years ago as smartphones became ubiquitous. It’s akin to the two factors necessary when using your debit card at an ATM: You need both the physical card and the associated PIN.

Activating 2-factor authentication on all your online accounts means that whenever an online service detects that your username and password are used from a location or device that’s never been seen before, a special code is sent to the registered phone number that is required to access the account (the second form of authentication).

This means that a cyberthief needs to steal both your password and your smartphone in order to gain access.

The popularity of 2-factor authentication with smartphones has led to various exploits to usurp this extra layer of protection, including SIM swapping or SIM hijacking.

By taking over control of your phone number, hackers can have the special code sent to a phone that they have in their possession.

They’ve also become very good at fooling victims by calling them posing as an organization that claims to have detected a break in that wants to verify that the victim is the actual owner of the account.

They’ll tell the victim that they will be getting a special code on their smartphone that they need them to read back to ‘verify’ that they are the authentic owner. Of course, reading back the code allows the remote hacker into the account because they are at the screen that is asking for the code on their computer.

USB security keys

Since the bad guys have found easy ways to sidestep the security of 2-factor authentication, the USB key has surfaced to providence another form of higher security.

Instead of using a smartphone as the second form of authentication, you would use a special USB key on your computer, smartphone or tablet that costs $20 to $50.

Once you set them up, a USB security key connected to your device is required in order to gain access to the protected accounts. There are backup methods to allow you in should you lose your USB key, so be sure to set one up if you plan on using them.

To get more of an understanding of your options, checkout the various models from YubiKey, or Google’s offering, called Titan.

Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.

Massachusetts court hears arguments in lawsuit alleging Meta designed apps to be addictive to kids

BOSTON (AP) — Massachusetts' highest court heard oral arguments Friday in the state's lawsuit arguing that Meta designed features on Facebook and Instagram to make them addictive to young users. The lawsuit, filed in 2023 by Attorney General Andrea Campbell, alleges that Meta did this to make a profit and that its actions affected hundreds of thousands of teenagers in Massachusetts who use the social media platforms. “We are making claims based only on the tools that Meta has developed because its own research shows they encourage addiction to the platform in a variety of ways,” said State Solicitor David Kravitz, adding that the state's claim has nothing to do the company's algorithms or failure to moderate content. Meta said Friday that it strongly disagrees with the allegations and is “confident the evidence will show our longstanding commitment to supporting young people.” Its attorney, Mark Mosier, argued in court that the lawsuit “would impose liabilities for performing traditional publishing functions” and that its actions are protected by the First Amendment.
Read Next Story