Which key should I buy?

ExcelSecu FIDO/U2F key FD200

There are two approaches to secure login, represented by the Google and Microsoft methods. Since both companies provide many kinds of cloud services and browsers, it is convenient for most users to use either one. Both giants point to the vulnerability of passwords. However, Google's two-step verification still uses a password as the first step. The ExcelSecu FIDO/U2F key FD200 can be used for the second step. Although using a password is troublesome, the FD200's price is low enough that a small budget is sufficient to improve your login system. Everybody, even enterprises, prefers to buy the FD200 as an initial investment in strong security. No key has a lower price than the FD200, so we recommend buying the FD200. An enterprise with more than 500 employees pays USD 12.00 for each key with the 40% bulk discount.

2FA Styles

2FA and SSO

ExcelSecu FIDO2 Security Key FD210

Microsoft recommends adopting a fingerprint FIDO2 security key such as the ExcelSecu FIDO2 Security Key FD210. Several vendors provide them, but the eSecu FD210 is offered at USD 37.20 each with the 40% bulk discount for more than 500 members. You will see how easy it is to log in to cloud services by just touching the fingerprint sensor with your registered finger.

Password Vulnerability

According to various statistics, the password is a major target of cyber-attacks such as phishing, hacking and viruses. However, passwords are the most convenient tool for logging in to a system or a cloud service, because they cost nothing. Today, people must use passwords to log in to many systems. They use a few different, simple passwords as their credentials for more than 50 different systems, simply because passwords are hard to memorize. Today, we cannot escape from this password problem. Enterprises in particular must adopt security measures to protect their computer systems from cyber-attacks. Remote authentication to a cloud server especially requires the strongest security for its login.

2 Factor Authentication (2FA) 

To strengthen login security, another credential is used in addition to, or in place of, passwords. A password is a sequence of characters that is stored in the user's brain, that is, memorized. In other words, passwords are classified as "what we know". Even if we use a second password or an answer to a designated question, it just makes "what we know" more complicated. It does not add another factor of authentication. The factors of authentication can be listed as:

  1. What you know (password, PIN) 
  2. What you have (key, card) 
  3. What you are (biometrics)
  4. Where you are (IP address, device, etc.)

Google 2 step Authentication

One style of 2FA strengthens security by adding another factor to conventional password authentication. Since the password is typed by the user, this method requires a second step in addition to the password matching step. Google, Facebook and Twitter adopt this type of authentication. The second step can use a security code, such as a 6-digit number sent by email or by SMS to a smartphone. Stronger security is achieved by using an external hardware key such as the ExcelSecu FD200, FD202 or FD203 over a USB, NFC or BLE connection.

The FIDO U2F protocol, which complies with the FIDO Alliance specifications, is categorized as two-step 2FA. Google Chrome, Facebook and Twitter provide this type of login service, so no additional software is necessary for users to log in to Google, Facebook and Twitter accounts in the cloud. Google applications such as Gmail and Google Education are logged in to via the Google account by way of Single Sign-On (SSO). General cloud applications except Salesforce or Box can also be logged in to by setting up an SSO trust federation from the Google server to the application server.

The ExcelSecu FD210 Fingerprint FIDO2 Security Key, which can perform 2FA, is also used for Google login. To work with the Google system, the U2F key is used after password authentication. In 2021, Google announced plans to enable two-factor authentication (or two-step verification, as it refers to the setup) by default to provide more security for many accounts. Now it's Cybersecurity Awareness Month, and Google is once again reminding us of that plan, saying in a blog post that it will enable two-factor authentication for 150 million more accounts by the end of this year.

 

Microsoft Password-less Authentication

Microsoft has been working on password-less authentication using a software or hardware authenticator with biometric authentication. The ExcelSecu FIDO2 Security Key FD210 is a hardware authenticator that performs the whole fingerprint authentication inside the FIDO2 security key. The fingerprint template and the authentication process are therefore completely protected inside a security IC chip. Remote authentication with the key works as follows: the server sends a random number as a challenge, and the key returns to the server, as the response, a signature of the challenge made with the user's secret key. The server verifies that the received signature is genuine using the user's public key, which was sent to it during the registration procedure prior to authentication. The user's public and private keys are a PKI (Public Key Infrastructure) key pair, generated inside the FD210 key during the registration procedure.

The fingerprint and the key are the two credentials for 2FA, so conventional passwords are not necessary for secure login to Microsoft accounts. Microsoft's journey towards a passwordless future began in 2018 with the rollout of security keys and continued in 2019 when Windows 10 became passwordless. In 2021, all Microsoft accounts now support passwordless security. Users can use this security feature to access various apps and services including Microsoft 365, Microsoft Outlook, Microsoft OneDrive, Microsoft Family Safety, Microsoft Edge, and others.

The FIDO2 protocol consists of 1) the WebAuthn protocol between Edge and the FIDO server in the cloud, and 2) CTAP2 (Client To Authenticator Protocol) between Edge and the FIDO2 Security Key. The protocol software is embedded in the FIDO2 server in the cloud, the Edge browser and the FIDO2 Security Key, so no additional software is necessary. The challenge-and-response remote authentication is activated by an assertion signal inside the FIDO2 Security Key, which is generated by a successful fingerprint match or by the simple presence of the user, confirmed by tapping a button on the key. The FIDO2/U2F Key ExcelSecu FD200, used in the two-step 2FA system above, can also be used in a FIDO2 system. Besides a FIDO2 Security Key, fingerprint authentication can also be performed by the built-in fingerprint system of a desktop PC or smartphone, whose security level is inferior to that of a FIDO2 Security Key. This is because part of the authentication is executed by software in the user's area.
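
The challenge-and-response exchange and the user-gesture gate described above can be modelled in a few lines. This is an added example, not ExcelSecu, Microsoft or FIDO Alliance code; the class and function names are hypothetical, the sample user is constructed, and real WebAuthn/CTAP2 messages carry more fields (origin, counters, flags) than this simplified model.

```javascript
// Added illustration: simplified model of the challenge-response login.
const crypto = require('crypto');

// Authenticator side (hypothetical class): the key pair is generated inside
// the key at registration and the private key is never exported.
class SecurityKey {
  #privateKey;
  register() {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.#privateKey = privateKey;
    return publicKey.export({ type: 'spki', format: 'der' }); // public part only
  }
  // Signs only after a fingerprint match or a button tap (userGestureOk).
  sign(challenge, userGestureOk) {
    if (!userGestureOk) return null;
    return crypto.sign('sha256', challenge, this.#privateKey);
  }
}

// Server side (hypothetical class): stores public keys, issues one-time challenges.
class Server {
  constructor() { this.publicKeys = new Map(); this.pending = new Map(); }
  enroll(user, spkiDer) {
    const key = crypto.createPublicKey({ key: spkiDer, format: 'der', type: 'spki' });
    this.publicKeys.set(user, key);
  }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32); // fresh random number per login
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    this.pending.delete(user); // a challenge is accepted at most once
    const publicKey = this.publicKeys.get(user);
    if (!challenge || !publicKey || !signature) return false;
    return crypto.verify('sha256', challenge, publicKey, signature);
  }
}

function demo() {
  const key = new SecurityKey(), server = new Server();
  server.enroll('alice', key.register());            // constructed sample user
  const sig = key.sign(server.newChallenge('alice'), true);
  const login = server.verify('alice', sig);         // genuine response
  server.newChallenge('alice');
  const replay = server.verify('alice', sig);        // old response, new challenge
  const noGesture = server.verify('alice', key.sign(server.newChallenge('alice'), false));
  return { login, replay, noGesture };
}
```

Because every login uses a fresh challenge, a captured response is useless for a later login, and without the user gesture the key produces no signature at all.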