Wonder Tools

Share this post

The best way to protect yourself online

wondertools.substack.com

The best way to protect yourself online

Secure your data with a $25 key

Jeremy Caplan
and
Paul Schreiber
May 5, 2022
8
2
Share this post

The best way to protect yourself online

wondertools.substack.com

Keeping online accounts secure is critical for journalists or anyone working with sensitive information. You’re more likely to be targeted and you have sources or data you need to protect. You’re also on deadline, and can’t have security slow you down. So what should you do?

Secure your email with a $25 physical key like this.

Yubico’s $25 Security Key NFC ensures you’re the one logging into your email

This post is a guest piece from Wonder Tools reader Paul Schreiber, @paulschreiber, Director of Engineering at Tech Matters. Paul wrote persuasively to me about the value of security, and I suggested he share a summary of his #1 piece of advice.

Two-factor authentication (2FA) is all about adding a layer of security beyond a password that can be stolen. Not all forms of two-factor authentication are equal. Some 2FA methods— like text messages, authenticator apps and push notifications— are vulnerable to phishing attacks. If someone can trick you into typing in your password, they can trick you into typing in a one-time code or tapping yes on a notification prompt, too.

So what should you use? A security key.

  • It’s faster and easier to use than other two-factor authentication methods. A Google study showed keys reduced login time by two-thirds).

  • Keys are resistant to phishing attacks, since they only work on the authentic site.

According to Dr. Martin Shelton, Principal Researcher at the Freedom of the Press Foundation, “when it needs to be truly locked down, a security key — such as a YubiKey — is crucial.”

How does the security key work?

After entering your username and password, a site (like your email service) will prompt you to tap the key that’s inserted into your computer’s USB slot. That’s it!

They start at $25

  • Security keys are inexpensive. Yubico and Feitian both have $25 models. Students and teachers with a .edu address can save 20% on Yubico keys.

  • Google sells its Titan key for $30, though Google’s key doesn’t support the fancy-sounding FIDO2 standard that some Microsoft applications require.

[Note: no affiliate links are used in this post, and no one associated with this post has any financial stake in these products. We’re recommending what we think will work best for you.]

Share

Keys work across platforms

The Yubico and Feitian keys work on modern browsers including Chrome, Firefox, Edge and Safari. You can use them with desktop computers as well as Android or iOS devices. That means you can use your key to log into email on your desktop or phone. Your key can be used to log into lots of services, including:

  • Email providers — Google, Microsoft, Yahoo

  • Social networks — Twitter and Facebook

  • Popular services like Dropbox, 1Password, GitHub, Cloudflare, Amazon Web Services and WordPress.com.

I recommend getting two keys, so you’re not locked out if one is lost or damaged. You can use the same keys for your work and personal accounts.

What to secure first when you buy a key

Start by securing your primary email address. Not only does it contain your most important information, it’s also the account hackers rely on to access your other accounts. That’s the lesson from the hacking disaster that befell journalist Mat Honan a decade ago. To definitively lock down your Google account, consider enabling Advanced Protection, which makes a security key the only allowed second factor.

Additional resources for more on two-factor authentication

  • What is two-factor authentication? Here’s a quick primer from the Freedom of the Press Foundation

  • Here’s a step-by-step walkthrough to help you get set up with a new key.

  • Directory of hundreds of services that work with 2FA.

  • How to use your phone as a backup security key.

Freedom of the Press Foundation’s graphic illustrating the added layer of security that two-factor authentication offers over a simple password..

More resources to protect your privacy

Wonder Tools
Protect Your Privacy 🛡 Wonder Tools
Welcome! In this Wonder Tools post I’m sharing security tips. You can use the tools noted here as your simple, low-cost privacy toolkit. The resources in this post come recommended by software engineer Rahul Chowdhury, who I collaborated with on this post. Rahul writes…
Read more
a year ago · 5 likes · Jeremy Caplan

Thank you for reading Wonder Tools. This post is public so feel free to share it.

Share

Leave a comment

Read more from Wonder Tools

Wonder Tools
What your laptop needs
Summary: A new laptop offers a fresh start. I recently got a new MacBook Pro. In this post I’ll share the core apps I installed right away and what I use them for. While I use a Mac, many of these apps are cross-platform. Where relevant, I’ve noted Windows and Android alternatives…
Read more
9 months ago · 7 likes · 7 comments · Jeremy Caplan
Wonder Tools
Teach a 5-minute course 🧑‍🏫
7Taps is the best tool I've encountered for creating a quick microcourse. A microcourse is a miniature learning experience. It’s useful anytime you want to teach or explain something quickly and concisely, without creating a complex course or writing a long memo. Here's one I created with 7Taps about…
Read more
9 months ago · 9 likes · 4 comments · Jeremy Caplan
2
Share this post

The best way to protect yourself online

wondertools.substack.com
Previous
Next
2 Comments
Ryan
Jun 5, 2022Liked by Jeremy Caplan

Yubikeys are a great tool for multi-factor authentication, but when setting them up make sure you get backup codes from the application or add a second MFA tool to the account (like Google Authenticator) that you can use in case the Yubikey is lost or damaged.

Expand full comment
ReplyCollapse
1 reply
1 more comment…
TopNewCommunity

No posts

Ready for more?

© 2023 Jeremy Caplan
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great writing