5 best two step authentication USB keys



5 2uf usb keys test



We all know it, To keep ourselves save of being hacked we simply need 2-step-verifications (big sigh). 

So here we are, using smartphones codes, secret questions, and e-mails to log into our Facebook or Google accounts. 

Or at least, we should do it, almost no one does, because it's too annoying and frustrating. 

Would it be nice if you can sign in quick and fully hackproof with a simple finger tap? Well, now you can!

During a  television show about scamming, I saw a guy logging into his (social) accounts using a simple tap on a USB key. Making me wonder what this little tool was, How to use it, and which keys were on the market.

I have investigated the original Yubikeys and it's alternatives and selected the most popular types for you.

FIDO certified USB keys will allow you to sign into your (social media) accounts in a very secure and fast way. You can simply go to the login page, tap on the key button on the stick and you are inside your account! If a hacker has your password but doesn't have your hardware USB key, access to your account won't be granted.

USB two factor authentication keys review 5 best2fa USB key infogram

Protect online accounts against unauthorized access by using two-factor authentication with this security USB key.



What is FIDO certified Two-step verification?




FIDO is an worldwide cooperation of the big online platforms who support two-factor authentication (2FA), using a proven safe method of generating a public/private key combination on websites that have implemented the FIDO API

Meaning, if you have set up 2FA on that site, by using a FIDO security key or token, that FIDO (USB) key device will be needed to log into the site, together with your typical username and password.

Each website has its own, unique cryptographic key combination so nobody can't use the information from one website to log into another website. Google was one of the first designers and supporters of this project.

In the original design, where FIDO keys supported by Google for their "two-step verification" logins. Standard 2 factor authentication methods, such as a list of one-time PIN numbers, or a text message to a smartphone are used as a backup. This method can still be used.

Recently, Google added an alternative, harder to crack option, the "Advanced Protection Program". Using this system, the only way you, or someone else, can sign in into your Google account is by using a FIDO USB key or token.

It's advised to have at least two keys when using the "Advanced Protection Program", so that, if one of the USB keys get lost or broken, you still can use your spare key. Without the key(s), you'will have to request support from Google, which is only granted after a few days and some user verification answers.

Supported FIDO U2F sites - There are many


All FIDO keys will support the widely accepted U2F protocol and you can use these keys to login to all the big sites like Facebook, Google site verification, Twitter, Dropbox, Lastpass, Github, Linux, Windows,  and hundreds more. The keys will run in, Chrome, Firefox with 3dr party plugin and some will run on Ois and Android

U2F supported sites infogram


The U2F protocol is easy to implement for site owners and is becoming the standard security solution very fast. You will be able to use your USB key almost anywhere for now and its support will only be growing into the future.

The difference between 2 step verification USB  keys


There are a few different 2 step verification USB keys on the market, from a simple cheap design that only works on a laptop or desktop, to very solid that works on laptops and mobile devices as well. Some of them will support the U2F protocol only and other will support older protocols as well.
When choosing your 2 step verification USB key you will have to consider;
  1. Wich operating system do you use, only windows or android and Mac Ios as well
  2. Does the key stay in your PC/Laptop or do you want to carry it on a keychain?
  3. Which type of USB port will be used and is Bluetooth for mobile devices needed.
If you want a "Masterkey" that is very solid and works everywhere on each device then I will strongly suggest the original Yubinty NEO key. This key works with USB, Bluetooth for mobile, all the FIDO protocols, and operating systems. The drawback is, of course, the highest price of 50USD.

There are good alternatives for the original Yubikeys but no one of them will be that solid, and some are even weakly designed. Before I start comparing key types and the alternative brands I will start off with a bold statement;

if you want a nearly indestructible key, get a YubiKey


Yubiko yubikey comparison chart


For Pc and Laptop, 2 step verification USB Keys review

USB 2FA keys laptop and pc review

1. The budget solution


The HyperFIDO mini is a FIDO that will work with the U2F key protocol only. It doesn't support other solutions, like OTP,  that you'll find on Yubikey devices. That's good enough in most cases.  Most websites that support hardware USB keys will work with this device, and the handful of sites that require OTP variants to log in are likely to adopt FIDO U2F over time. If you're looking at this because you need Google support.  that will work with this HyperFIDO mini key.

Buy your HyperFIDO mini Here

Buy in the
USA
Buy in
 CANADA
Buy in the
UK
Buy in
 GERMANY


The build is as cheap as you would expect for that price.
If you plan to plug and unplug this HyperFIDO mini USB Key repeatedly, don't buy this one.

The thread-like lanyard and the hole that it threads through will easily pull the cap off the device and you'll need to glue it back together. In short, this USB key won't survive your keychain. Just plug this one into your PC, Duct-tape it, and leave it there.

The biggest drawback of this key is the green LED. It's INCREDIBLY bright and always on. Expect a bright, radiant glowing-in-the-light wherever you plug this in. Keep the LED away from facing directly at you.

2. Best most-used-option solution for 2 step authentication


The Yubico Basic Security Key does work with U2F sites. For example, this worked well with Facebook.

Note that you need to have a compatible browser, for Windows 10 this is chrome.
This Yubikey support it's own Ybiko FIDO2 format also but I didn't found a website ie that support it (yet)

Buy your Yubico Basic Security USB Key here

Buy in the
USA
Buy in
CANADA
Buy in the
UK
Buy in
GERMANY

This USB key doesn't have all the same functions as the YubikeyNEO as you can see in the comparison chart, but it does what you need for average use.

If you need a USB key for your computers that will give you hardware-based 2-factor authentication, this one will.

The Yubico Basic Security Key supports Google account, Github, Facebook, and many other services.

Setting up the Ybiko USB keys up is deadly simple, go to the website where you want to log in, find it's two-factor authorization section and set up the Yubico USB key by pressing the button when it lights up.

Microsoft Edge does not work with this USB key as of build 17704 or earlier.

This key does not work with Windows 10 Hello, the support does not seem to be in windows for FIDO2 keys at this time (build 17704).

Most Yubikeys support things like PIV and CAK, this does not, and is why it is cheaper.

If you need windows 10 hello now, buy the Yubikey 4 


3. The No-stress-works-with-all solution


The Yubikey 4 has zero problems with U2F. 2 step authorization on Windows Login is very, very easy, even with it enabled in Safe Mode. It's a secure way to prevent unauthorized access to your PC/laptop

Buy your Yubikey 4 Security USB Key here

Buy in the
USA
Buy in
 CANADA
Buy in the
UK
Buy in
GERMANY


This is an excellent USB Key and I strongly recommend it. In combination with a password manager that supports U2F, like Last Pass, Dashlane, etc., The benefit of this Key is that you can enable two-factor authentication for signing into your password manager account. It doesn't matter if someone knows your master password, they are not capable of accessing your account unless they have your Yubikey.

To add a phone or tablet that doesn't have a USB port, use this USB key on a computer to temporarily disable the two-factor Yubikey authentication, add your Mobile, then enable the key agian. I advise you to get a second key as a backup key or for partner uses, register both USB keys on each account. This will save headaches if the Mobile or one key is lost.

This security key can maintain two security access methods, Smart Card and Fido U2F.

There is a lot of documentation information on their website and on the Dashlane Password Manager website.

Unfortunately,  the package comes with no documentation at all.
You will need to you get to their websites for all the setup info, getting the feeling that these USB Keys are targeting IT savvy individuals and organizations with IT specialists to configure them for their employees.

It is supported by Chrome at the moment, or Firefox with a 3rd party extension.  Mozilla, Microsoft, and Apple will follow through with U2F support in time.

Overall this is an excellent 2 step authentication, they are near indestructible, cheap, easily provisional, with good management software.

Best chooses for mobile and laptop/PC USB keys

USB 2FA keys laptop and mobile review

4. The good price solution


This Feitian FIDO key is unique (at least as of now), in that it supports the traditional USB attachment, which emulates a standard USB keyboard (a "Human Interface Device" or HID), and it also includes both NFC (for Android devices with a NFC tag reader) and Bluetooth Low Energy (BLE) for Apple and other devices.
Aside from the three-method attachment, this key performs exactly the same function as other FIDO keys, such as the YubiKey family of FIDO products.

Buy your Feitian FIDO key here

Buy in the
USA 
Buy in
CANADA
Buy in the
UK
Buy in
GERMANY


Setting it up was trivially easy, and both the Bluetooth pairing and FIDO pairing worked on the first try. I can't comment on the ruggedness of the key, since I just got it, but personally, I wouldn't put it directly on a key ring with keys, in a pocket, as this would probably beat up the device over time.

Attaching it to a key ring by using a second ring to extend it out from the keys and allow more twisting motion would probably help,  However, if you want a nearly indestructible key, get a YubiKey

There have been a couple of reviews complaining about the packaging, wondering if it was secure. First: even if somebody got their hands on your key, there is absolutely nothing they can do with it to access your websites or personal information. The keys are useless until paired with each company's website. There is nothing to hack, nothing that can be altered, and no risk. Second: this is a very new product, and perhaps the initial shipping/packaging materials were temporarily sub-par. The unit I received today was nicely packaged, as would be a typical Amazon "Frustration Free" product. It came in a small brown cardboard box, with a paper tamper evident seal, and a slide-out sleeve. The package includes the key (in a cut-out custom foam surround, a short USB A to micro USB cable, and a pairing guide.

5. The one size fits all - this one works anywhere solution


This yubiko yubikey Neo works with NFC capability on mobile phones.

There is a learning curve to these products and security keys generally. But that learning curve is quite worthwhile and very doable. Yubico has a great reputation in the industry and was designed with assistance from Google, whose employees used it until Google started coming out with its own brand recently. One thing about Yubico: they have been doing this for a while, their keys work well, and the keys are very sturdy. More and more websites will start using U2F and FIDO U2F.


Buy your Yubikey NEO Security Key here

Buy in the
USA
Buy in
CANADA
By in the
UK
Buy in
GERMANY


By default, at least on some only OTP mode is enabled on the device. U2F mode is disabled by default, which is required by Google for it to work. You visit my account on google, you click 2-Step Verification, and you click "Add Security Key". It then prompts you to plug-in your YubiKey and tap the button. Nothing happens. Now you're stuck.


In order to enable it, you'll need to download the YubiKey NEO Manager on their website. Once downloaded, run the application, plug in your device and click the "Change connection mode [OTP]" button. Here you'll have an option to enable U2F! And voila! It now works with your Google account. You also have an option to enable CCID in here.

No comments:

Post a Comment

Drop your opinion or questions here please