Security Keys - Review


As you may know, the security keys are the most secure method of authentication on the market. After some months of usage, I'm writing down this review, which is not intended to be a full review nor comparing all keys. Its gonna be my impressions during this months of usage of the keys I've got.

ff4dd999e641973dbcfa550cb7d98014a3b5a2648b638ab659406c62f0ff3e49.png

Starting with the basic Security Key, by Yubico, its a budget friendly key, which costs US$20. If you want/need a NFC connection, its available for US$27. Both have an USB port connection (Type A) and works on any OS, like Windows, MacOS and Linux. It comes with FIDO2/U2F and WebAuthn protocols. It has no physical buttons, but instead, it uses a capacitive touch sensor.

86eed19b965c6c1f6fa00dacf7b678339fb7a04d716cf9caf9e2e98fe0fa9e4b.png

The Thetis FIDO2 security key costs US$19,99 and has an USB connection only. It comes with the FIDO2 protocol, which guarantees a good compatibility with services using the FIDO standards. Opposite to Yubico and its capacitive touch sensor, the Thetis FIDO2 security key comes with a physical button, which you may press when asked to. My concerning with physical buttons is to break the USB port through the time. Its not a bad thing, just different, but you may be cautious when using it. Works on Linux, Windows and MacOS systems but as it has no wireless connection, it won't work with any mobile.

618bce999bda47766c9a2512536b9f1f238b9ec9ac9693ec579b9a441461ab28.png

The Feitian Multipass FIDO security Key plays a multi role on this market. This key has an USB port connection and comes with NFC and BLE (Bluetooth) connections, which guarantees full compatibility with both computers and mobile devices. Though this great functionality be very good, it comes only with the FIDO protocol, which limits its compatibility with internet services. For example, this key is not compatible with Outlook (old Hotmail) service, but works flawlessly with Google products and services. It has a physical button, but as it's not directly plugged into the USB port (it comes with an small cable), there's no complaints on damaging the computer USB port. A short press on the button activates the NFC, and a long press activates the Bluetooth connection. The NFC connections is more secure, but works with Android phones, letting the BLE connection to play the role with iOS.

ed40fe509d0344a80d0936826c67501442f95e18a9d37fe83516a366376ba1cd.png

The last key reviewed is the Yubikey 5 Series, the ultimate security key for personal use. It has a variety of form factors and connections, supporting USB, USB Type C, Lightning and NFC. It has small form factor keys, coming with USB and USB Type C ports. Talking about compatibility, its the most complete key, which comes standard with FIDO2 protocol, WebAuthn, PIV, SmartCard functions, OATH (HOTP TOTP) and OpenPGP. Its compatible with all services that allow security keys. Works on any OS, both computers and mobiles. Yubico provides a software for the OATH usage, that may be in most cases better than other Authenticator Apps available on the market, including Google Authenticator. Its safer cause the code is stored inside the key and never leaves it. You can protect with a password and use the touch function, which shows the code only after touching the key, remaining other codes out of sight. It comes with a capacitive touch sensor, which you just need to touch it - not press. So you do not need to worry about your computer USB ports.

Below its a comparative table of each key described above:

c736692e6878a42be97807ebca7a67b9150f11925fb20fbb5ceea71a3a7c121e.png

After this comparison, we can make some analysis:

1) Though Thetis has another key model with BLE, it has only FIDO protocol and comes with a physical button too, which makes the keys made by Yubico in advantage.

2) Though Feitian has a lot of key models, including a cheap one costing US$19, the shipping cost are high. The keys with BLE connection may have some bugs and flaws. So, if you're going after a Feitian key, prefer the ones which comes with NFC only.

3) Regarding compatibility, the Yubico keys are way ahead, with the Yubikey coming with a lot of standards which can be used in other things like encryption.

4) Regarding usability, all keys are good to go, you can carry all with you in your pocket or in your keychain.

Its important to notice that each individual has its own needs, and what is best for me may not the the best for you. Another important advice is to acquire at least 2 keys, and its important to buy at least one that has a wireless connection like NFC (or in last case, with BLE), so you can use your key with your mobile devices.

Though those keys provide the most secure authentication method, its very important to have safe habits, like always logging off before closing the browser, using an antivirus software, update all your softwares regularly.

Important info: 1 - The prices may vary. For US & Canada, the Feitian Multipass Security Key costs US$37.50 + shipping.

                          2 - Prices shown by August 2020.

How do you rate this article?


19

0

Bandeirante Digital
Bandeirante Digital

Addicted for security, mainly digital security, my goal is to spread knowledge over the world about digital security, finance and digital investments.


bandeirantedigital
bandeirantedigital

Blog with content related to finance, digital investments and digital security

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.