AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Msecure and yubikey3/21/2023 Fortunately for both of us, passwords aren’t going bye bye anytime soon and mSecure has a lot more utility than a password manager. on many devices while they continue to be used. For now, keys seem the best way to go and the most secure way to access passwords, etc. Hardware keys may or may not be the answer. A hardware key would fix that annoyance and plug that hole.Īlso ironically, passwords are slowly being phased out. I change the mSecure password regularly, so unless I memorize it, I have to save it (ironically) in the app and use Face ID on my phone to look it up for use on a PC, Mac, etc. I use random eighteen character passwords for everything, including mSecure. After considering my need for it, I’ve boiled it down to a couple of reasons. I can appreciate the technicalities involved with integrating a hardware key. If any of those passwords are made weaker for the sake of convenience, the security for your accounts is also weakened. That means a strong password for each online account, 2-factor authentication set directly on each account, and a strong password set for your mSecure account. In the end, it is always best to have a very strong password set for EVERY access point to your sensitive information. It would keep you safe from thieves getting access to your mSecure app, but it would make the data stored locally less secure. So if you were to use a weaker password to unlock mSecure thinking that the YubiKey keeps you safe, that's only half correct. While the same key is used to protect your information, that key is encrypted with your account's password. Locally on your device, however, the security is a bit different. That protects your data stored in any cloud service from being compromised. For mSecure, the data is protected by an incredibly strong key called your Account Key, which is a randomly generated key. There's something very important to remember though. However, with a YubiKey, you could have a more memorable password to unlock mSecure, but it would still be safe, because the app can't be opened without your YubiKey. If the password manager is secured with a strong password, it's already next to impossible to get access to the app. At that point, the only way to get to your bank account is through either some type of brute force attack directly on the site which is highly unlikely to succeed, or to find the credentials in your password manager. Then you store your bank's credentials in mSecure. You make sure to have a very strong password set for your bank account that doesn't have direct YubiKey or 2-factor support. So far as I can see, the most important use case for providing protection to your online accounts with YubiKey support in mSecure is as follows. At that point, YubiKey support for mSecure would make a difference but only marginally, since even if a thief had access to your bank's credentials through your mSecure app, they still wouldn't be able to get into your bank account without your YubiKey. Of course, the most secure thing to do would be to make sure the password on the account was very strong, add YubiKey as a second factor of authentication for the bank account itself, then store the credentials in mSecure. To actually make those weak credentials stronger, you could use YubiKey directly on the bank account if it was supported by the bank's website. It would only help the weak credentials stored in mSecure from being discovered. For example, if you have a weak password being used for one of your bank accounts (which is probably unlikely, I know), then YubiKey support for mSecure won't help protect your bank account from being hacked. It would only provide greater protection for the data stored in mSecure, but that data is only a record of the credentials used for your actual accounts. YubiKey support for mSecure would not actually provide a greater level of protection for your financial information. This may be obvious, but there is one thing to mention in response to post. Thank you for the added feedback so far everyone!
0 Comments
Read More
Leave a Reply. |