MIDDLETOWN, DE / ACCESSWIRE / August 13, 2019 / Phishing attacks are increasing in volume and severity. The most common form of phishing is tricking you to visit and log into fake websites, where hackers then steal your password. As both hackers and their methods are becoming more sophisticated, it also becomes increasingly difficult to distinguish between real and fake websites.

Enter a new-gen security key, the MIRkey.

Google recently told Business Insider that they "have had no reported or confirmed account takeovers since implementing security keys at Google". This means that since approximately 2017, none of Google's 85 000+ employees was successfully phished on their work-related accounts. And, according to a Google spokesperson: "Security keys now form the basis of all account access at Google". This is impressive for a company the size of Google and was all as a result of using a physical security key.

Security keys are a superior alternative to two-factor authentication (2FA) OTP codes. The problem with OTP codes is that the code is entered on the phishing website along with the user's password - allowing account takeover when the hacker uses the correct credentials with the OTP on the actual website.

In contrast to OTP codes, the MIRkey security key performs an authentication protocol known as FIDO2, allowing users to complete the login process by simply inserting the device and pressing a button to indicate user presence. Your security key is registered with an account such as Gmail, Coinbase, or Dropbox with the aid of public key cryptography. What this ultimately means is that even if you inadvertently end up on a phishing site the hacker wouldn't be able to take over the account without physical access to your security key that contains a private key for the account.

Most modern browsers now support the authentication specification known as WebAuthn where you don't need any special software or drivers to be able to use the key. This eases rollout across the whole enterprise and enables strong multi-factor authentication with most known account services such as Google, Coinbase, Facebook, GitHub, Amazon, SalesForce, LastPass etc.; and password-less login with Microsoft Hello for business accounts.

Besides securing cryptocurrency exchange logins such as Coinbase, as a hardware wallet the MIRkey allows you to store, send, and receive digital currency such as Bitcoin. If you purchase or trade cryptocurrencies, it is crucial to make sure the coin's private keys are secure. The MIRkey integrates with popular software like Electrum to allow you to easily send and receive currency while still keeping the private key safe on the MIRkey - even if your computer is compromised.

The MIRkey is also a general purpose PKCS#11 compliant Hardware Security Module (HSM) and therefore works out of the box with existing software like Adobe Reader DC (for document signing and encryption), VPN clients (that is, OpenVPN), OpenSSH, Thunderbird (signing and encrypting emails), Firefox, Disk volume encryption (VeraCrypt) and any application that uses the PKCS#11 API.

A software development kit allows the integration of custom applications with the MIRkey to help secure production lines, protect IoT server keys, sign software activations and assists with general key management. These keys are stored encrypted with master keys in tamper-proof silicon that can only be unlocked with the user password. Its hardware and operating system-free nature, safeguards your keys from being stolen or copied without your knowledge. This protects your keys from ransomware as well as malware and viruses. Cryptographic operations are performed on the MIRkey itself - therefore, the keys never leave the secure module. This prevents access to the keys even when a system is compromised.

About ellipticSecure (ellipticsecure.com)

ellipticSecure specializes in Cybersecurity products like PKCS#11 Hardware Security Modules, Hardware Security Keys, Bitcoin wallets and Hardware-as-a-Service services. Safe, secure key management for both enterprise and individual use.

SOURCE: ellipticSecure