Yubico’s John Gilbert on how hardware authentication keys can help protect vulnerable populations

In 2021, Check Point Research reported a staggering 93% year on year increase in ransomware attacks against global organisations. For the numerous organisations and individuals that are defending freedom of press, diversity in cybersecurity and technology, free speech, human rights, and election security throughout many vulnerable regions, these attacks pose an enormous risk by attempting to silence their voices and/or put their lives at risk. It is critical that security solutions exist to help protect them from these attacks. Why hardware authentication keys are effective It is evident that cyber attacks are increasing in their level of sophistication, and those who rely on basic username and password authentication are at a much greater risk of their digital information being breached. Although some digital security is better than none at all, more conventional cybersecurity methods such as mobile authentication apps, one-time passcodes (OTPs), and two-factor authentication (2FA) can be easily susceptible to common online threats. Multi-factor authentication (MFA) methods or strong, modern 2FA involves a user providing two or more forms of verification to prove their identity. An example of this type of 2FA is a physical product like a hardware security key, which is configured to your devices and activated by either a tap or a biometric identifier such as a fingerprint. This allows users to access their online accounts and digital applications. Hardware security keys offer the most effective form of digital protection against various types of online threats including advanced man in the middle (MiTM) attacks, SIM swapping, phishing scams, and account takeovers. These devices provide individual security for a user’s login credentials and their compatible devices which prevents external attacks deployed by malicious actors. Different models of security keys also include password manager features to ensure user security and privacy throughout the myriad of different online platforms used on a daily basis. How hardware authentication keys protect the vulnerable Journalists, human rights organisations, and activist groups are disproportionately targeted by bad actors with cyber attacks carried out against them with the aim of silencing their voices. In addition, marginalised groups including those facing domestic abuse, sexism, LGBTQ+ violence, racism, and other social justice issues are especially at risk and in danger when attempting to speak out about the institutionalised injustices that they often face. Political candidates, organisations, and bi-partisan networks fighting to maintain democratic political processes are also regularly targeted by online attacks and other malicious campaigns. Hardware security keys can play a substantial role in helping targeted communities uphold their freedoms of speech and human rights. These devices can safeguard a user’s personal and professional information from common cyber-attack methods whilst also keeping their identities safe online. By levelling up their cyber security in this way, users can feel at ease knowing that their most sensitive and valuable data cannot be so easily leaked, stolen, or extorted. There is a clear need for advanced information security through hardware authentication keys in these situations. Especially under intense and perhaps unsafe circumstances, robust digital security needs to be more accessible. Of all matters to worry about, cyber security should not be one. In fact, over 4,000 organisations around the world have enlisted in the help of cybersecurity services for their digital protection. Effective digital security contributes to physical, online, and even national safety when properly utilised. Not all authentication is created equal, and passwords and usernames are vulnerable to phishing, man-in-the-middle (MitM) attacks, SIM swapping and account takeovers. Hardware security keys eliminate these risks by securing users not with what they know, but with something they have, which cannot be compromised.