What is a Physical Security Key? ( 2.5 minute read)

Article author
Betty Fleming

A Physical Security Key is a small device that is used in multifactor authentication to verify access to and strengthen security on accounts. The key plugs into your computer or phone's USB port or connects to your phone via bluetooth. 

Screen_Shot_2021-08-26_at_1.31.44_PM.png

Security keys have high levels of interoperability meaning keys like Google Titan and Yubikeys can be used on a wide variety of important accounts, such as email, Facebook, Twitter, and Dropbox.  As a further bonus, keys used to protect campaign or organization accounts can also be used to protect personal accounts.

Instead of being texted/emailed a code, or receiving a notification on a phone app, you insert the key into your USB port and touch a button on it. Some keys also have NFA, meaning they can connect to your phone's bluetooth and activate that way. Each device has a unique code built on it, which is used to help confirm your identity. 

There are several different types of Titan keys--USB A, USB C, both with NFC. To learn which key will work best for you or your campaign, see our article Which Type of Key Should I Get? 

Keys are not inconvenient. 

Keys not only provide much better security- they are convenient as well. Once you set your key up as a verification factor, you can make your device trusted, so that you don’t need to use your key to log in every time. If you were to use a different device for the first time (like a friend’s computer), your key would be required to verify your identity. Even more importantly, if someone is trying to hack your account and tries to log in from an unknown device, they will be denied access unless they have a key. Most services notify you of login attempts to your account from new devices.

If you login to a device you are using only once or use seldom, don’t allow the device to remember or trust the device. This way, if someone else tries to log in to your account from a device you used only once, even if accidentally, they will be blocked without a key. 

Accounts can have multiple security keys registered to the account. This is extremely helpful for campaigns. Many campaigns have accounts that are shared, like an info email, an outbound email used to contact supporters, and/or a candidate’s social media account.  Accounts shared by multiple team members can be protected with strong authentication with security keys. And when a team member leaves, the key can be removed from the account, thus denying future access and not having to hassle with password changes. 

It is highly recommended that users have two security keys

One of the reasons they are called keys is that they're small and fit on a keychain.

YubiKey-4-keychain-and-YubiKey-4-Nano.png

 

As we all know, keys can be lost, so it is generally suggested that you have a backup key. Some people have a third key they store securely and never take it with them, in case they lose both.

Google workspace accounts can be recovered if keys are lost via the use of a one time code.

Learn more: What is Google's Advanced Placement Program?, What Type of Key Should I Get?

How To: How to Secure Shared Accounts, How to Turn on Google APP with your Keys, Protecting your Facebook Account, Protecting your Twitter, Instagram, and TikTok Accounts

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

2 comments

  • Comment author
    Coreyanderson31

    Protection of my personal data from the government and the media that unlawfully processes my personal data without my consent or knowledge for many years now. I have never gotten any notification from anyone about this issue. Please advise me Corey James Anderson what to expect or how to proceed

    0
  • Comment author
    Coreyanderson31

    ddcuserkb@defendcampains.org and (660)522-0283 were fraudulently registered in campaign mode using my personal data without my consent or knowledge violating my personal privacy and civil liberties. This is cyber bullying and harassment that has targeted my personal data violated federal law and regulations

    0

Please sign in to leave a comment.