Update hardware key recommendation (#875)

Andrew Chong 2022-04-05 06:12:47 -07:00 committed by GitHub
parent 1b71db4575
commit 3ec675cd05
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -16,7 +16,11 @@ The idea behind 2FA is that even if a hacker is able to figure out your password
==If you want to take your security seriously, you should use a dedicated **Authenticator App** on your phone to generate these codes whenever possible.== These authenticator apps follow the same standard, allowing you to keep codes from many different companies in one place for ease-of-use. They also keep the codes securely stored (optionally requiring biometrics on your phone to access them), and make it difficult to duplicate the codes so they cannot be reproduced by a hacker later, even if they briefly had physical access to your phone.
The ultimate form of multi-factor security are **hardware keys**. These are devices that implement a standard such as **FIDO2** or **U2F** that you need to physically attach to your computer to log in to your accounts. They come in a variety of form factors and connect in different ways, such as a USB stick you plug in to your computer, or a Bluetooth/NFC token you connect to your device wirelessly. Some newer computers and mobile devices even have built-in hardware keys! Hardware keys have secure cryptoprocessors (essentially an entire mini computer!) on them which stores and manages your encryption keys. Many of them have specific tamper-resistant mechanisms, but all of them are designed with the idea that they should be impossible to reproduce: The key you have will be the **only** way to gain access to your account.
**Hardware security keys** are a very strong form of multi-factor security. These are devices that implement a standard such as **FIDO2** or **U2F** that you need to physically attach to your computer or phone to log in to your accounts. A hardware key has a secure cryptoprocessor (essentially an entire mini computer) on them which stores and manages your encryption keys. Many of them have specific tamper-resistant mechanisms, but all of them are designed with the goal that they should be impossible to reproduce: The key you have will typically be the **only** way to gain access to your account.
Hardware keys come in a variety of form factors that can connect to your device in different ways, such as a USB stick you plug in to your computer, or a Bluetooth/NFC token you connect to your device wirelessly. Some newer computers and mobile devices even have built-in hardware keys.
There are a few risks with using hardware security keys that are similar to the risks of using your house keys. First, if you lose or destroy a hardware key by accident and don't have a backup or other means of account recovery (either of which would reduce the security value of the hardware key), you will completely and irrevocably lose access to your account. Second, hardware keys can be stolen or forcefully taken from you. Finally, it is possibile that a hardware key might be tampered with or replaced with a fake prior to you receiving it, although most hardware key providers have methods to verify that their keys are authentic and uncompromised.
Ultimately, the best form of two-factor security is the one you will use consistently on every account you have, that doesn't significantly interfere with your life. If you need to log in to an account often or on many devices, a hardware key may prove to be too much of a burden for example.
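Review bot: the new risks paragraph (the line beginning "There are a few risks") has the typo "possibile" for "possible", and the cryptoprocessor sentence in the added paragraph above it mixes singular and plural: "A hardware key has a secure cryptoprocessor ... on them which stores" should read "on it, which stores"; "plug in to your computer" in the form-factor paragraph should be "plug into". Separately, the parenthetical "either of which would reduce the security value of the hardware key" overstates the trade-off: enrolling a second hardware key kept in a separate place is the standard mitigation for loss and does not weaken the account the way a weaker fallback such as an SMS or email code does, so consider rewording to something like "a recovery method weaker than the key itself would reduce its security value" and recommending that readers register a backup key.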