If you’ve made it to 2020, there’s a high likelihood that hackers have your personal information: billions of usernames and passwords have been leaked over the last decade. While it’s impossible to ever stop yourself from being hacked – we’re looking at you Jeff Bezos – there are a few steps you can take to better protect yourself.
First, you need better passwords. ‘Password’ and ‘12345’ really don’t cut it. To easily generate and store secure, unique passwords for every website and service you use, you need a password manager.
Next you need to turn on two-factor authentication. This is probably one of the best ways you can protect your online accounts from being accessed by someone else. The protection method requires people to prove they are who they say they are when logging into a service by using a second authentication method. For instance, when you enter your password for Facebook you’ll also have to enter a code that’s generated by an authenticator app or sent via an SMS. Hardware security keys use the FIDO2 standard, which is supported by plenty of big tech firms, including Amazon, Google and Microsoft.
You don’t have to use a code though: it’s possible to prove your identity using a physical ‘key’. These most often take the form of a USB device, but the underlying standards that power two-factor authentication can also be in other devices, such as your phone. A hardware authentication method can be preferable to using a software-based system as it’s still accessible if you lose your phone and can’t be hacked as easily. (And if you really want to make yourself more private online, get a VPN, too.)
How to set up a two-factor
As hardware keys use the FIDO2 standard, setting them up is pretty similar whichever one you pick. For this example, we’ll use your Google account. The process is nearly identical if you’re using Facebook or any other service that offers the method.
First you need to turn on two-factor authentication. This can be done by signing into Google and navigating to its security tab.
Pick the option to turn on two-factor authentication and then click to add a hardware key. At this point, you’ll be prompted to plug your device into a USB socket and then press a button on the device. And that’s it.
The next time you log in to Google from a non-authenticated device, you’ll be asked to use the two-factor hardware to prove that it’s really you. All the hardware keys we tested here were set up in a couple of minutes and worked first time.
YubiKey 5 NFC
YubiKey is one of the biggest makers of two-factor hardware – including specific keys for smartphones – but what stands out about this model is its near-field communication (NFC) support. NFC allows two devices to communicate when they’re within 4cm of each other: in this case it can be a phone and the hardware key that chat.
To use the NFC key, you can position it near your phone and tap on the small gold plate. The other option is to plug the USB into your PC or laptop and then tap the gold plate to show that you’re using the device at that moment. YubiKey says its products have fibreglass-reinforced bodies and “military-grade hardened gold” – it’s also water resistant and can be put on a keyring.
SoloKeys Somu
Sometimes smaller is better. The Somu from SoloKeys is smaller than your thumbnail and still manages to fit into a USB port on your desktop or laptop. It was originally crowdsourced but has now shipped and is available for pre-order. It’s essentially a smaller version of SoloKeys’ larger two-factor authentication USB key. The team behind SoloKeys has used open-source hardware and firmware – you can see, and verify, all of the device’s code and plans on GitHub.
Thetis BLE FIDO U2F Key
This key from Thetis is one of the bulkier two-factor keys out there, but its aluminium case spins around to protect the end of the USB connector. It’s also one of the cheaper two-factor devices that we’ve included here. For that price you also get Bluetooth connectivity. Like NFC, this allows you to verify your identity with a press of the Bluetooth button and removes the need to plug the key directly into your computer. The one downside of using the BLE key is that you need to download an app – Google Authenticator on Android; Smart Lock on iOS – to use the Bluetooth option.
Google Titan Key
You probably use Google for a ton of your online services, including email, photos, calendars and more, so we’ll leave it up to you if you want to give the company the literal keys to your online accounts. Despite this reservation, its Titan Key is a robust security key option. It comes in three configurations: USB-C, NFC and Bluetooth, giving you plenty of different ways to use the hardware. The plastic casing means they’re not as robust as other models in this list, but pricing starts at £50.
Price: From £50