Phishing and Security Keys

When it comes to online security, confusion about the risks can lead people to obsess over obscure threats while ignoring key innovations that could truly protect them. Even highly-targeted users like politicians and activists don’t fully appreciate the scourge of phishing, and many aren’t familiar with an emerging form of two-factor authentication known as “Security Keys” that we hope can stop it in its tracks.

To that end, here’s a brief primer on phishing, security keys, and online threats.

Security keys are “transformative” and “revolutionary” for information security

Don’t take this as advice [relating to above link] to give up on traditional 2FA! This man-in-the-middle business is generally reserved for targeted attacks (where someone specifically wants to compromise your security), and traditional 2FA is still a powerful disincentive to opportunity attacks (where someone just wants to compromise anyone’s security). In that case, you don’t need to be faster than the bear.