The security key is built on open source hardware and firmware, making it a universal factor authentication device instead of a two-factor authentication device.
What's the key to most of your online accounts? Your email address. What's standing between this key to your online kingdom and the barbarians at the gate?
A simple way to add an extra layer of protection to your email account is a physical security device. It doesn't get much simpler than the SoloKey V2. I tested this device to see how easy it would be to add a second authentication factor to some of my online accounts.
It's pretty easy. There's no account to create for the SoloKey, and simply touching the sides of the key activates it. You have to turn on two-factor authentication for each account to use the key, but you're probably overdue for a general security check-up anyway.
The SoloKey V2 is new to the market and starts at $34. The keys are available for pre-order on Indigogo Indemand. It's the first open source FIDO2 security key, according to the company. FIDO2 allows individuals to use common devices to authenticate online services in mobile and desktop environments. FIDO2 cryptographic login credentials are unique to each website and stay on a user's device. This security model is designed to eliminate phishing, password theft and replay attacks.
SEE: Upgrade your personal security with a password manager or security key (TechRepublic)
I set up two-factor authentication for my Gmail account to add the security key. Basically you turn on 2FA in the security settings, wait for the prompt to insert the key, and then press on the sides of the key. That's it.
With some sites, you can use the key or SMS or both to secure your account. It's a good idea to have a backup method of authentication, in case you lose your key. The key also works with several popular password managers as well, which seems like the best way to use the device.
It's smaller and thinner than most memory sticks and comes with a silicon sleeve to protect the device. The key comes in USB-A and USB-C options, and there is a NFC key as well.
Haden Patrick, co-founder of the company, said that the key will work with access management services like Okta, Duo, and Azure AD. Users can select the key as an authentication method when prompted to provide verification.
The company also has a Solo Hacker key for hackers and makers.
A SoloKey will work with any site that uses FIDO2 or FIDO U2F, including these sites and services as of mid-March 2021:
- Google Wallet
- Microsoft Azure AD
- Microsoft 365
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)