Thursday, 15 April 2021 23:00

SMS is out - protect yourself online to the highest degree with FEITIAN FIDO2 security keys

By

With ever-increasing cyber threats, it's essential we protect our online identities but a password isn’t enough. If you thought SMS-based two-factor authentication was the solution, think again. For the greatest protection, you need FIDO2 security, and FEITIAN Technologies has just the device for you - and are giving iTWire readers a discount too.

With malicious actors continually breaching websites and dumping login details it is essential your personal security regime goes beyond a username and password combination. Even if your password is highly complex, if your email account is compromised it’s a simple feat to use a website’s “forgot password” feature to reset it. So, that's where two- and multi-factor authentication comes in; now your login involves two pieces of fixed information (username and password), and one variable piece of information (a one-time code).

Sending a text message to your mobile phone is convenient, yet much as your email can be breached, so too attackers using “SIM swapping” exploit social engineering to transfer your mobile service to a new SIM card, and thus receive all your one-time codes themselves. This is covered in the Reply All podcast episode, “The Snapchat Thief” where the very attack is used by hacking groups who steal social media accounts with valuable usernames.

What can a mere mortal do? You simply want to browse the Internet and do your job and your organisation’s password policies are likely already hard to manage as-is. Then you’re told to have a different password for every application, to remember it, but you can’t be sure your email or mobile phone is secure anyhow. This is where FIDO2 comes in; a joint effort between the FIDO ("Fast Identity Online”) alliance and the World Wide Web Consortium (W3C), with the goal of creating strong authentication for the web.

FIDO supports a full range of authentication technologies, including biometrics like fingerprints, iris scanners, voice, and facial recognition, as well as existing standards and solutions such as USB security tokens, smart cards, Near Field Communication (NFC), Trusted Platform Modules (TPM), and others. The FIDO2 specifications emphasise a device-centric model, meaning a simple hardware device you carry performs the authentication and dramatically simplifies your access to online services while enhancing your security.

The user's device is registered with a public key, while the device holds a private key. The key is unlocked by the user’s gesture such as a biometric or pressing a button. So, that's FIDO2, and if you're not using it, you should. If your organisation doesn’t support it, then it should. In fact, Google lists FIDO compliance as a factor in giving yourself the most advanced protection. They go so far as to say you ought to have two FIDO2 security keys; one as your master, and one as a backup. This is Google's advice for journalists, whistle-blowers, and people living in oppressive regimes, and it's solid advice for anybody who wishes to protect their online identity.

FEITIAN Technologies began in 1998 in China and is now the world's leading provider of digital authentication hardware with customers in over 100 countries. Their products are used to support and strengthen industries such as financial, healthcare, government, enterprise, and payment.

FEITIAN provided iTWire samples of three of its products - the BioPass FIDO2 security key, iePass FIDO security key, and the AllinPass FIDO2 security key. The company has also made a generous 20% discount available to iTWire readers.

They all provide hardware-based security, but with different connectivity options ranging from USB, biometrics, NFC, and Bluetooth, to suit your needs whether tethered to a desk or on the go. The company has other products, and can also brand any of its products with your organisation’s logo, helping you roll out an aesthetic fleet of secure authenticators to protect your company’s data and reputation.

Each device comes in a durable and compact design and gives you a single authenticator for multiple applications. They protect your online accounts against unauthorised access such as phishing, man-in-the-middle attacks, and hijacking.

 

BioPass FIDO2 security key
The BioPass FIDO2 security key comes with either a USB-A or USB-C interface and uses your fingerprint to securely sign you into websites and applications. It supports the FIDO U2F, FIDO2 and HOTP protocols. It carries an RRP of $USD 60.

FTFBioPassFIDO

 

iePassFIDO security key
The iePassFIDO security key includes USB-C and Lightning interfaces together, one on either end. This makes it a great fit for your iOS devices, and your Android devices, PCs and laptops, MacBooks and more. A USB-C to USB-A adapter is included. It supports U2F, FIDO2, HOTP and PIV protocols. It carries an RRP of $USD 78.

FTFiePassFIDO

 

 

AllinPass FIDO2 security key
The AllinPass FIDO2 security key provides embedded fingerprint verification, and supports USB-C, NFC and Bluetooth, allowing you to share the one key across all the devices you own. It supports FIDO2 and carries an RRP of $US 130.

FTFAllinPassFIDO

 

Which one is right for you?

Whichever security key you opt for, the setup is simple and straightforward. They work with all FIDO-compliant applications and services on Windows, macOS or Linux such as Google Chrome, Gmail, Facebook, and Dropbox.

Computer users have long been told of the importance of having complicated passwords that are unique for every site and service we work with, but managing such a mass of credentials is a huge mental endeavour. With a security key like those in the FEITIAN range, your mind can rest; you can make up any random password at any time and once it’s registered with your security key you can dismiss the password from your mind. Let the hardware do the work and protect your data, your finances, your precious memories, and your intellectual property.

For IT departments, deploying hardware-based FIDO2 security keys can be the difference stopping your company's name from being on the front page of the newspaper due to a data breach. It's certainly a lot better to contain reputational data and restore customer confidence when you don't have a breach at all because your users are employing the best security they can.

Ultimately, the choice you have to make is simple. it's not a matter of whether you ought to be using a hardware authenticator, but which model suits your situation best.

 

Get your own FEITIAN security key at a special price
FEITIAN has kindly made a special offer for iTWire readers; buy one or more security keys from the following link and enter promo code David-20 for 20% off.

You can also contact FEITIAN Technologies for any product enquiries, including personalisation and bulk orders.

 

Media

Watch FEITIAN Technologies' BioPass FIDO2 security key in use with Windows Hello, on Windows 10.

 

 

Listen to "The Snapchat Thief" here, for the devastating effects of SIM swapping.

 

Read 3905 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here

SONICWALL 2022 CYBER THREAT REPORT

The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Ransomware
Cryptojacking
Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.

GET REPORT!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments