Featured Image: Facebook User Logs In with FIDO U2F Security Key by Yubico.
Yep! This is a real thing. Just like a key to your home, you can secure your online accounts and WordPress site with a physical key. In fact, this is a matter of practice for the WordPress sites I build.
Not all online services offer this kind of protection yet, but a growing number of them support this technology, including Google, Facebook, and more.
Why A Physical Key?
A physical key is far more convenient than waiting for a text message, which also requires a PIN or password if you are already security savvy, or using a two-factor app like Google Authenticator or Authy, which also requires a password. Either way, you end up typing in two usernames, two passwords, and a security code: five fields in total, across two devices, before you get to the reason you were signing in at all. With a physical key, you just sign in with your normal username and password and slide your key into a USB slot.
Phones and phone accounts can also be forwarded to other devices, meaning someone else can get your two-factor code on their device. This is also a possibility for Google Authenticator and Authy, though less likely with Google Authenticator. These hacking tactics are not possible with a physical security key, which someone must physically possess in order to sign into your account.
I recently published a blog post about setting up a YubiKey for WordPress, which we require for all Editors, Authors, Contributors and Admin for any WordPress accounts managed under Gap Creek Media. You can find out how to set up your key by going to my blog post, Two Factor Authentication. I will be adding more blog posts to that series in the future that include helpful videos.
If you are interested in better security that is also easier to use, you can purchase your Yubico Key here.