A security key is a good option to use for two-factor authentication when logging into certain websites.
With the Windows Hello and FIDO2 standards, you can authenticate supported website logins through different methods, including facial recognition, fingerprint recognition, a PIN, or a physical security key. The goal is to eliminate or reduce the need to remember a complex password for each site.
SEE: What to do if you're still running Windows 7 (free PDF) (TechRepublic)
If your computer doesn't support facial or fingerprint recognition, and you don't want to rely on a PIN, a physical security key offers an effective way to authenticate your account logins. By connecting the security key to your PC, you can authenticate your website accounts without having to rely on a password.
You can choose from a few different vendors for security keys, including Google, YubiKey, and Thetis. For this article, I'm focusing on YubiKey security keys because of their versatility and support for computers as well as mobile devices. The specific YubiKey key you choose depends on your computer configuration.
Among YubiKey products, the YubiKey 5Ci offers both a USB-C connector and a Lightning connector, making it compatible with newer computers with USB-C ports as well as iPhones, iPads, and Android devices. For older computers with just USB-A ports, the YubiKey 5 Series, Security Key Series, and YubiKey FIPS Series all have the proper connections. Also, the YubiKey 5 NFC uses a USB-A port as well as NFC for a wireless connection to your PC or other device.
FIDO2 authentication is slowly starting to catch on among websites, though you won't find a lot of sites that support it yet. One site you can use is your own Microsoft Account page.
How to set up the security key when not logged into your Microsoft Account site
- Open the Microsoft Account site in your preferred browser, and click Sign In.
- At the Sign In screen, click the link to Sign In With Windows Hello Or A Security Key (Figure A).
- Make sure your security key is plugged in.
- At the next screen that lists the different authentication methods, click Security Key (Figure B).
- Create or enter the PIN for your security key, click OK, then touch the security key on its gold area (Figure C).
You should then be signed into the site. For subsequent logins to the same site, simply plug in your security key, enter your PIN, and touch the key when prompted to sign in.
How to set up the security key when already logged into your Microsoft Account site
If you're already signed into your Microsoft Account, you can set up the security key without going to the login screen.
- At your Account page, click the heading for Security (Figure D).
- Click the box for More Security Options, and scroll down the Additional Security Options page to the section for Windows Hello And Security Keys.
- Click the link to Set Up A Security Key (Figure E).
- At the next screen, click the type of security key you're using (USB Device or NFC Device), and click Next (Figure F).
- Make sure your security key is connected.
- Create or enter the PIN for your security key, click OK, then touch the security key on its gold area.
- Create a name for your security key, and click Next (Figure G).
The next time you try to sign into the site, you can opt to use your security key. Enter your PIN and touch the key, and you'll be signed in.
How to become a cybersecurity pro: A cheat sheet (TechRepublic)
Windows 10 security: A guide for business leaders (TechRepublic Premium)
Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)