The best way to protect yourself online

Secure your data with a $25 key

Keeping online accounts secure is critical for journalists or anyone working with sensitive information. You’re more likely to be targeted and you have sources or data you need to protect. You’re also on deadline, and can’t have security slow you down. So what should you do?

Secure your email with a $25 physical key like this.

Yubico’s $25 Security Key NFC ensures you’re the one logging into your email

This post is a guest piece from Wonder Tools reader Paul Schreiber, @paulschreiber, Director of Engineering at Tech Matters. Paul wrote persuasively to me about the value of security, and I suggested he share a summary of his #1 piece of advice.

Two-factor authentication (2FA) is all about adding a layer of security beyond a password that can be stolen. Not all forms of two-factor authentication are equal. Some 2FA methods— like text messages, authenticator apps and push notifications— are vulnerable to phishing attacks. If someone can trick you into typing in your password, they can trick you into typing in a one-time code or tapping yes on a notification prompt, too.

So what should you use? A security key.

• It’s faster and easier to use than other two-factor authentication methods. A Google study showed keys reduced login time by two-thirds).

• Keys are resistant to phishing attacks, since they only work on the authentic site.

According to Dr. Martin Shelton, Principal Researcher at the Freedom of the Press Foundation, “when it needs to be truly locked down, a security key — such as a YubiKey — is crucial.”

How does the security key work?

After entering your username and password, a site (like your email service) will prompt you to tap the key that’s inserted into your computer’s USB slot. That’s it!

They start at $25

• Security keys are inexpensive. Yubico and Feitian both have $25 models. Students and teachers with a .edu address can save 20% on Yubico keys.

• Google sells its Titan key for $30, though Google’s key doesn’t support the fancy-sounding FIDO2 standard that some Microsoft applications require.

[Note: no affiliate links are used in this post, and no one associated with this post has any financial stake in these products. We’re recommending what we think will work best for you.]

Keys work across platforms

The Yubico and Feitian keys work on modern browsers including Chrome, Firefox, Edge and Safari. You can use them with desktop computers as well as Android or iOS devices. That means you can use your key to log into email on your desktop or phone. Your key can be used to log into lots of services, including:

• Email providers — Google, Microsoft, Yahoo

• Social networks — Twitter and Facebook

• Popular services like Dropbox, 1Password, GitHub, Cloudflare, Amazon Web Services and WordPress.com.

I recommend getting two keys, so you’re not locked out if one is lost or damaged. You can use the same keys for your work and personal accounts.

What to secure first when you buy a key