Should you buy a USB, Bluetooth or NFC security key? Here is the best option
Using a computer security key is the best way to verify your identity, but not all security keys are created equal. USB, NFC and Bluetooth security keys all have their advantages and disadvantages.
What is a security key?
It might seem a little strange to use a physical key to log into a device or gain access to a program, but that’s exactly what a security key is. Computer security keys are pocket-sized keys that provide encryption, authentication, and authorization services. After logging in to your account with your username and password, you’ll use multi-factor authentication security.
|
Function |
FIDO U2F |
FIDO2 (WebAuthn + CTAP) |
|---|---|---|
|
Authentication type |
Second Factor Verification (requires password + security key) |
Passwordless authentication (supports second factor login even without a password) |
|
Primary use case |
Increase security by adding another layer (2FA) |
Passwordless login, strong multi-factor authentication and improved security across multiple devices |
|
Cryptographic method |
Public Key Encryption with ECC (NIST P-256) |
Public key encryption with ECC (NIST P-256) or RSA (2048 bits or longer) |
|
Hash function |
SHA-256 |
SHA-256 |
|
Encryption |
Primarily uses ECC for signing challenges |
Uses ECC/RSA to sign challenges and AES to encrypt communications (in some implementations) |
|
Device certification |
Not explicitly supported |
Supported for device authentication |
|
Supported protocols |
FIDO U2F |
FIDO2 (WebAuthn for browsers, CTAP for authenticators) |
|
Backwards compatibility |
ON |
Backwards compatible with FIDO U2F keys |
|
Authentication flow |
Challenge-Response (signs challenge with private key) |
Challenge-Response (supports both challenge-response and attestation) |
|
Supported devices |
Mainly desktop browsers and some mobile devices |
A wide range of browsers, mobile devices, platforms and applications |
|
Safety benefits |
Protection against phishing and man-in-the-middle attacks |
Protection against phishing, man-in-the-middle and credential theft; supports device attestation |
Security keys are partially secure because they use Fast Identity Online (FIDO) technology. FIDO is a collection of protocols designed to work with passwords during authentication. With FIDO, you don’t need to remember dozens of passwords or even use a password manager to log in. With passwordless authentication, just insert and press your security key to verify.
All FIDO protocols use public key cryptography for authentication. This type of encryption uses two keys to protect data: a public key and a private key. Your private key decrypts information and is not shared.
Unfortunately, physical security keys cannot be used to verify every account. Although this technology has been around since 2008, it is still slowly gaining acceptance.
There are three types of security keys. While each type of key is incredibly secure, some provide more security than others.
USB
A USB security key is the most secure of all key types. By physically putting it on your computer, there is less chance of the data being sent being intercepted by someone listening in on your network. That being said, even if a cyber crook is able to collect the data sent by your physical key, they still have to go through the hard work of decrypting that data. Brute-forcing a FIDO compliant USB security key can literally take forever depending on the length of the key.
NFC
NFC stands for Near Field Communication. While you may never have heard of NFC, you can use it anytime you attach a credit card or phone payment. The same technology is found in computer security keys. For NFC to work, you need to be within about two inches of the device you’re trying to communicate with. This means that the intruder must be close to you to pick up the signal.
Although not very feasible, it is possible. However, remember that FIDO-compliant security keys use extremely strong encryption, so even if this data is captured, it still needs to be decrypted. Should the private key be compromised, NFC makes it difficult to impersonate a user by requiring both parties to verify their identity before sending sensitive information, while encrypting the physical security key makes it extremely unlikely that your data will be compromised.
While hardware NFC security keys are incredibly secure, the good news is that most NFC-enabled security keys also provide USB connectivity.
Bluetooth
icon and the other hand holding a phone with a Bluetooth icon.” src=”https://static1.makeuseofimages.com/wordpress/wp-content/uploads/2024/09/a-hand-holding-a-phone-with-a-wi-fi-2-4ghz-icon-and-another-hand-holding-a-phone-with-a-bluetooth-icon.jpg” style=”display:block;height:auto;max-width:100%;”/>
We use Bluetooth to share files and connect to speakers, and now we can also use it to authenticate with a security key. At first glance, Bluetooth may seem insecure because it has a broadcast radius of 33 feet. While this creates a very low risk of man-in-the-middle attacks, the likelihood of your information being intercepted is incredibly small. Your hardware security key will use the Bluetooth Secure Simply Pairing mechanism designed to address man-in-the-middle attacks that made older pairing mechanisms vulnerable to such an attack.
Even if a hacker defies the odds and captures your private key, current computing power makes decryption impossible. Hackers can capture all they want, but the data they collect will be useless if they can’t crack the cipher.
While each type of security key has its advantages and disadvantages, it is important to note that each type is incredibly secure. Using any of these keys will ensure that your information is safe – unless you lose your key, of course.