What I'd like to see, is U2F auth to protect me from phishing, and having a YubiKey-backed OTP won't help here. I personally don't mind carrying their calculator with me. Second, the browser sends the code directly to the website, so an attacker sitting in between can’t capture the temporary two-factor code and enter it on the real website to gain access to your account. Well I'm fine with what they provide now in terms of security and I hope they won't break it with a 'convenient' PIN or SMS recovery. Bank of America customers can now use FEITIAN Security Keys for Sign-on and Bank Transfers.
First, the browser checks to ensure it’s communicating with the real website using encryption, so users won’t be tricked into entering their two-factor codes into fake phishing websites. When you insert it into your computer’s USB port or tap it against your phone, the browser on your computer can communicate with the USB security key using secure encryption technology and provide the correct response that lets you log into a website.īecause this runs as part of the browser itself, this gives you some nice security improvements over typical two-factor authentication. This tends to be a mid-tier and up sort of feature. You should purchase any future mobile phone that has NFC. If the key has NFC, and your phone does to then it will work. Some recommend having a second key as a back-up. It’s based on existing “smart card” security technology. Get the one that will work with your PC - you can get a mini-hub/dongle if you dont have USB-A or C, or NFC. Some of them have NFC support so they can be used with Android phones. Currently, U2F devices are usually small USB devices that you insert in your computer’s USB port.
0 kommentar(er)
