Test: Security Keys – Digi.no

Test: Security Keys - Digi.no

Security is often impractical. For example, you must have unique passwords for all the services you use, and they must be so complex that you won’t be able to remember them all anyway.

Two-factor authentication should make login more secure, But here, too, there are weaknesses.

After Google introduced two-factor authentication, they saw the number of data breaches halve. Many people then choose to use SMS as a second factor, but this is not necessarily very secure. In 2019, Dagens Næringsliv wrote about how blogger Sophie Elise Isachsen’s phone number was hijacked. (Requires subscription).

Using a physical security key is one of the best security measures you can take. This past summer, the municipality of Trondheim presented it and won huge acclaim from security expert Per Thorsheim at Phipps.

But which key fob to choose? We tested six different switches that are certified under the FIDO security standard, which many people support.

What will you use it for?

There are many things to consider before buying. Are you only going to use it for work? Is this the chip you will use for all services? What devices do you have?

The best answer is to look for a chip that works with all your devices, that lets you sign in to all the services you use, and that also supports physical two-factor authentication.

Another important thing to think about is that it’s a good idea to have two keys. If you lose one, have a backup in a safe place. If you don’t have this, you should use another solution as a security option. But then part of the point of using the security key is lost.

In our testing, we tested one key from Kensington, three keys from the Swedish market leader Yubico, as well as two keys from SoloKeys, a US company focused on open source code.

Best for you on a budget, cheap and good

The cheapest switch from Swedish Yubico differs from other switches with a blue design. Photo: Oscar Hope Pulsrud

The cheapest option is the Yubico Basic Keys in the company’s “Securitiy Keychain”. We tested the USB-C version, but it’s also available with USB-A. YubiKey C NFC has everything most people need.

In our testing, we had no problems with it, and the switch worked on Windows, Mac and Chrome OS, as well as supported both Android and iOS thanks to an NFC chip. The key has some limited encryption and security features which, according to Yubico, means it doesn’t support the likes of the LastPass password program.

Grade 7/10.

If you want a chip for backup, or don’t bother owning a fingerprint reader, this is the most natural security key to buy. The only reason to switch to a more expensive key is if your workplace systems require some specific encryption that YubiKey C NFC doesn’t have. Like all keys in the test, the key is FIDO certified, the most widely used certificate for multi-factor authentication online.

See also  Just in time - ITavisen

we had fun We didn’t like it
– Cheap Lack of some certifications
– waterproof – No cap, you can feel weak
Good build quality

The key costs 450 NOK

Best biometric chip

Security key with fingerprint reader and USB C.
The fingerprint reader in YubiKey Bio is large and easy to use. Photo: Oscar Hope Pulsrud

Here, too, the Yubico ports are at the top. While the Yubico Key’s design isn’t as compact and protected as Kensington’s biometric competitor, the YubiKey Bio USB-C is the better of the two biometric keys we tested. This is mainly because the key from Yubico not only has a good fingerprint reader, but also because it supports mobile phone.

In our tests, YubiKey Bio worked for everything we needed to do. The only place we couldn’t use the switch was on iOS – mainly because the switch doesn’t have NFC and needs to be plugged into a power source. Apple doesn’t yet have USB-C on its phones, and Yubico doesn’t offer a Lightning version of the dongle. There may be changes so that the switch can support the iPhone after the EU decision on USB-C.

The YubiKey Bio USB-C is pretty much the same as the Budget Key. So it has the exact same weaknesses. There are no major vulnerabilities, just a lack of support for some advanced security standards. We didn’t have any issues with a lack of support in our testing, but it’s disappointing that the most expensive security key in the test doesn’t support the most advanced standards.

we had fun We didn’t like it
– Large and responsive fingerprint reader – No protective cover
– waterproof Some certificates are missing
Good build quality – No NFC or iPhone support

The key costs 1200 NOK

The full key also fits with your iPhone

Perhaps the most famous security key is the Yubikey 5, here in the USB-A variant
Perhaps the most famous security key is the Yubikey 5, here in the USB-A variant. Photo: Oscar Hope Pulsrud

If you are an iPhone user, this is a perfect keychain if you don’t want to be able to scan the chip using NFC.

We tested the YubiKey 5 NFC, which supports USB-A and NFC, but the key is also available in a version called 5Ci, which supports Lightning and USB-C.

I’ve worn the key we tested as a personal tag for over two years, and aside from some dirt, there isn’t much noticeable wear on it. Series 5 supports almost all types of encryption – including RSA 2048, RSA 4096 (PGP), and ECCP384. There is only one certificate that the key does not support, and that is FIPS 140-2. But the company also sells a separate version that supports this standard.

Unlike other keys from Yubico, this key also supports LastPass, as well as other password programs.

we had fun We didn’t like it
– He has a copy for everyone – The version with Lightning socket does not have NFC
– waterproof – No protective cover
– Durable build quality
– Supports almost all solutions
– Can be customized with stickers from Yubico

The key costs NOK 750

Almost the best, but missing the essentials

Kensington Verimark Guard USB-C has biometrics at the end.
The Kensington Verimark Guard USB-C has a fingerprint reader on the end. Photo: Oscar Hope Pulsrud

The Kensington Safety Key, after a casual tour of the editorial office, was a favorite in terms of appearance and size. It looks good, small, stylish and has a little extra protection. The switch is also cheaper than competing Yubico switches.

On the other hand, Kensington has no official support for Android and does not support iOS. This means that it is a pure computer key. But it does have a fingerprint reader, and if it supports mobile, it will probably be on top in this test.

In our tests, the chip was detected by Android, but we were unable to activate it with a fingerprint. We have tested with two keys on several phones. In return, we got the Kensington key to work fine in Windows, Mac OS, and Chrome OS. If it is important to have biometrics, also on your spare chip, this is a no-brainer. However, due to the lack of portable support, it is difficult to recommend it as a master switch. This also does not support LastPass.

we had fun We didn’t like it
– Supports Windows Hello – Does not support Android and iPhone
– protective cover Small fingerprint reader
Small form factor – Not as many security certificates as Yubico Keys

The key costs NOK 750.

nerds key

Two security keys, one with USB-C and one with USB-A
The keys are showcased by SoloKeys technology. It comes with a silicone cover, and you can also buy several different colors from the company. Photo: Oscar Hope Pulsrud

The two keys we tested from SoloKeys are for the particularly interested. The keys worked excellent during the testing period, and were it not for the fact that no one sells keys in Norway, and the keys have yet to be sold outside of crowdfunding site Indigogo, they would likely have beaten Yubico two keys without biometrics. SoloKey V2 is available in both USB-A and USB-C variants, both of which support NFC. We sent two early versions of the keys, one with a version 1 firmware of the key, and one with an incomplete firmware where the NFC didn’t work.

SoloKeys is unique in the security key market by having both hardware and software based on open source code. This means that you can go in and see exactly what your keycode does, thus making sure the keys don’t do anything other than what the manufacturer states. SoloKeys is an American company, but it also sells its keys in Germany. This means that transfers do not take long.

Grade 7/10.

There are contact surfaces on both sides of the USB-A switch. This way, you avoid the typical problem of having to flip the key several times before you can insert it correctly. It would have been practical if Yubico supported this as well.

The keys from SoloKeys also have multiple points of pressure on them to activate, which is very useful when you have to put the key in the back of your desktop computer.

The chips are the cheapest in the test, at NOK 380. But since it’s sent from Germany, VAT and any customs clearance fees come on top of the price, which means the keys actually quickly cost over NOK 600. Units are not on regular sale yet.

we had fun We didn’t like it
– Many activation points – May cost a little extra in fees
– Customization option with silicone cover – Currently for sale on Indigogo only
Open source code

The keys cost about NOK 400 plus VAT and customs duties.

Difficult to buy wrong

All switches we tested work well for their purpose. But switches from Yubico and SoloKeys beat Kensington switches due to smartphone support.

For most people, a cheaper Yubico will probably suffice. Supports all platforms including Apple thanks to NFC.

If you have special requirements, the YubiKey 5 series from Yubico is where you get the highest level of security. If you are going to buy chips for business, the YubiKey 5 series or the cheap Yubikey will probably be best. These have support for all devices, so you can secure both computers and mobile phones.

SoloKeys is an interesting player, and I would probably recommend them both if they are on sale regularly. If you want a lot, import costs will not be as high as if you only buy one or two. Thus, SoloKeys could potentially be an exciting contender in the future.

Hanisi Anenih

Hanisi Anenih

"Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst."

Leave a Reply

Your email address will not be published. Required fields are marked *