Thursday, 15 April 2021 23:00

SMS is out - protect yourself online to the highest degree with FEITIAN FIDO2 security keys

By

With ever-increasing cyber threats, it's essential we protect our online identities but a password isn’t enough. If you thought SMS-based two-factor authentication was the solution, think again. For the greatest protection, you need FIDO2 security, and FEITIAN Technologies has just the device for you - and are giving iTWire readers a discount too.

With malicious actors continually breaching websites and dumping login details it is essential your personal security regime goes beyond a username and password combination. Even if your password is highly complex, if your email account is compromised it’s a simple feat to use a website’s “forgot password” feature to reset it. So, that's where two- and multi-factor authentication comes in; now your login involves two pieces of fixed information (username and password), and one variable piece of information (a one-time code).

Sending a text message to your mobile phone is convenient, yet much as your email can be breached, so too attackers using “SIM swapping” exploit social engineering to transfer your mobile service to a new SIM card, and thus receive all your one-time codes themselves. This is covered in the Reply All podcast episode, “The Snapchat Thief” where the very attack is used by hacking groups who steal social media accounts with valuable usernames.

What can a mere mortal do? You simply want to browse the Internet and do your job and your organisation’s password policies are likely already hard to manage as-is. Then you’re told to have a different password for every application, to remember it, but you can’t be sure your email or mobile phone is secure anyhow. This is where FIDO2 comes in; a joint effort between the FIDO ("Fast Identity Online”) alliance and the World Wide Web Consortium (W3C), with the goal of creating strong authentication for the web.

FIDO supports a full range of authentication technologies, including biometrics like fingerprints, iris scanners, voice, and facial recognition, as well as existing standards and solutions such as USB security tokens, smart cards, Near Field Communication (NFC), Trusted Platform Modules (TPM), and others. The FIDO2 specifications emphasise a device-centric model, meaning a simple hardware device you carry performs the authentication and dramatically simplifies your access to online services while enhancing your security.

The user's device is registered with a public key, while the device holds a private key. The key is unlocked by the user’s gesture such as a biometric or pressing a button. So, that's FIDO2, and if you're not using it, you should. If your organisation doesn’t support it, then it should. In fact, Google lists FIDO compliance as a factor in giving yourself the most advanced protection. They go so far as to say you ought to have two FIDO2 security keys; one as your master, and one as a backup. This is Google's advice for journalists, whistle-blowers, and people living in oppressive regimes, and it's solid advice for anybody who wishes to protect their online identity.

FEITIAN Technologies began in 1998 in China and is now the world's leading provider of digital authentication hardware with customers in over 100 countries. Their products are used to support and strengthen industries such as financial, healthcare, government, enterprise, and payment.

FEITIAN provided iTWire samples of three of its products - the BioPass FIDO2 security key, iePass FIDO security key, and the AllinPass FIDO2 security key. The company has also made a generous 20% discount available to iTWire readers.

They all provide hardware-based security, but with different connectivity options ranging from USB, biometrics, NFC, and Bluetooth, to suit your needs whether tethered to a desk or on the go. The company has other products, and can also brand any of its products with your organisation’s logo, helping you roll out an aesthetic fleet of secure authenticators to protect your company’s data and reputation.

Each device comes in a durable and compact design and gives you a single authenticator for multiple applications. They protect your online accounts against unauthorised access such as phishing, man-in-the-middle attacks, and hijacking.

 

BioPass FIDO2 security key
The BioPass FIDO2 security key comes with either a USB-A or USB-C interface and uses your fingerprint to securely sign you into websites and applications. It supports the FIDO U2F, FIDO2 and HOTP protocols. It carries an RRP of $USD 60.

FTFBioPassFIDO

 

iePassFIDO security key
The iePassFIDO security key includes USB-C and Lightning interfaces together, one on either end. This makes it a great fit for your iOS devices, and your Android devices, PCs and laptops, MacBooks and more. A USB-C to USB-A adapter is included. It supports U2F, FIDO2, HOTP and PIV protocols. It carries an RRP of $USD 78.

FTFiePassFIDO

 

 

AllinPass FIDO2 security key
The AllinPass FIDO2 security key provides embedded fingerprint verification, and supports USB-C, NFC and Bluetooth, allowing you to share the one key across all the devices you own. It supports FIDO2 and carries an RRP of $US 130.

FTFAllinPassFIDO

 

Which one is right for you?

Whichever security key you opt for, the setup is simple and straightforward. They work with all FIDO-compliant applications and services on Windows, macOS or Linux such as Google Chrome, Gmail, Facebook, and Dropbox.

Computer users have long been told of the importance of having complicated passwords that are unique for every site and service we work with, but managing such a mass of credentials is a huge mental endeavour. With a security key like those in the FEITIAN range, your mind can rest; you can make up any random password at any time and once it’s registered with your security key you can dismiss the password from your mind. Let the hardware do the work and protect your data, your finances, your precious memories, and your intellectual property.

For IT departments, deploying hardware-based FIDO2 security keys can be the difference stopping your company's name from being on the front page of the newspaper due to a data breach. It's certainly a lot better to contain reputational data and restore customer confidence when you don't have a breach at all because your users are employing the best security they can.

Ultimately, the choice you have to make is simple. it's not a matter of whether you ought to be using a hardware authenticator, but which model suits your situation best.

 

Get your own FEITIAN security key at a special price
FEITIAN has kindly made a special offer for iTWire readers; buy one or more security keys from the following link and enter promo code David-20 for 20% off.

You can also contact FEITIAN Technologies for any product enquiries, including personalisation and bulk orders.

 

Media

Watch FEITIAN Technologies' BioPass FIDO2 security key in use with Windows Hello, on Windows 10.

 

 

Listen to "The Snapchat Thief" here, for the devastating effects of SIM swapping.

 


Subscribe to ITWIRE UPDATE Newsletter here

GRAND OPENING OF THE ITWIRE SHOP

The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.

ENTER THE SHOP NOW!

INTRODUCING ITWIRE TV

iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.

SEE WHAT'S ON ITWIRE TV NOW!

BACK TO HOME PAGE
David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments