As a security key, YubiKey protects against phishing attacks

Phishing (from the word “fishing”) or a phishing attack is one of the most dangerous and at the same time common social engineering methods used by cybercriminals. It is based on mass mailings of e-mails and short messages on behalf of well-known brands, banks, charitable organizations, government structures or even from good acquaintances. The links contained in such emails lead to a fake site where the user enters data and thus compromises it, essentially voluntarily sending their complex passwords and bank card details to the fraudsters.

In 2020, 75% of businesses worldwide suffered phishing attacks. According to IBM, every fifth company out of the total number was affected.

How dangerous are phishing attacks?


Phishing attacks are very inconspicuous, but very dangerous. You may not even realize that at some point you became their victim. Long and complex passwords do not help against phishing, and additional protection factors such as one-time passwords sent by SMS offer little protection, as they can also be intercepted. Quite a lot of people fall for the fraudsters' bait for the following reasons:

  • phishing sites are very similar to sites you are used to using;
  • the letter in the mailing list may not differ from similar previous letters of the company, especially if its website was previously hacked by fraudsters;
  • even if the attackers just copied the design of the letter and created a similar address, the subject may be very attractive and you will want to open the letter and the link, if it contains, for example, a gift or a discount;
  • also the subject of the letter can scare you, for example, if the message says that the account on some important service for you will be blocked if you do not enter data for confirmation;
  • you may receive a letter from someone you trust and not suspect that their account has been hacked;
  • sometimes fraudsters deliberately get to know you in advance and communicate with you for a long time until you begin to trust them, after which they attack you;
  • you can become a victim of surveillance, so you will receive the news you are waiting for: you can really expect some winnings if you play the lottery; or, for example, you may expect to receive some form of welfare payment, especially if you have previously applied.

Having gained access to one account, a fraudster can gain access to dozens or hundreds of new contacts in your electronic address book. The attackers’ goals are:

  • use of malicious code;
  • theft of confidential information;
  • obtaining a database of contacts;
  • access to bank accounts.

How a security key can help in this matter


As we mentioned above, almost no form of two-factor authentication provides additional protection against phishing attacks, since any messages can be intercepted or stolen from your devices by viruses. But there is an exception. YubiKey security keys can help protect both home network users and corporate employees from phishing, because they are a physical factor that supports asymmetric encryption. To understand how the key protects you, consider how it works.

  1. When you register a key on a site or in the operating system, the server sends an authentication request to the key; in response, the key generates a digital signature with a private key and sends it to the server. Be careful: it is better to disable alternative login methods during key registration so that an attacker cannot use them to bypass verification. It is more reliable to purchase a second (spare) key and register it as well.
  2. When you log in to your account on the original site where you previously registered the key, the server asks you to confirm the login with the key. You need to insert it into the port and touch the indicator, which detects the presence of a person. If you insert the key and touch the indicator, but the key does not connect to the device within a short time, authorization does not occur. This means the site is not what it claims to be.
  3. If the site turns out to be fake (phishing), the server will not send a request to verify the account owner using a security key. Therefore, even if you accidentally enter data on it, a hacker will still not be able to break into your account without having the real key.
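The login check described in these steps, seen from the server side, as an added example that is not from the original article or from Yubico. It goes beyond the text by showing the FIDO2/WebAuthn fields that bind a login to the genuine site; `RP_ID`, `EXPECTED_ORIGIN`, `check_assertion` and `make_sample` are hypothetical names, and the sample data is constructed.

```python
import base64, hashlib, json, struct

RP_ID = "example.com"                    # assumed relying-party ID of the real site
EXPECTED_ORIGIN = "https://example.com"  # assumed origin of the real login page

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json: bytes, auth_data: bytes, challenge: bytes) -> list:
    """Return the reasons to reject a WebAuthn login assertion (empty = checks pass).

    The server must also verify the key's signature over
    auth_data + SHA-256(client_data_json) with the public key stored at
    registration; that step needs a crypto library and is left out here.
    """
    errors = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        errors.append("wrong type")
    if client.get("challenge") != b64url(challenge):  # replayed or foreign response
        errors.append("challenge mismatch")
    if client.get("origin") != EXPECTED_ORIGIN:       # browser reports the page's real origin
        errors.append("origin mismatch")
    if len(auth_data) < 37:
        return errors + ["authenticator data too short"]
    # Authenticator data layout: 32-byte rpIdHash, 1 flag byte, 4-byte signature counter.
    rp_id_hash, flags, _counter = struct.unpack(">32sBI", auth_data[:37])
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        errors.append("rpIdHash mismatch")
    if not flags & 0x01:                              # bit 0 = user present (key was touched)
        errors.append("user not present")
    return errors

def make_sample(origin: str, rp_id: str, challenge: bytes, touched: bool = True):
    """Build constructed sample inputs as a browser and key would produce for `origin`."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + struct.pack(">BI", 1 if touched else 0, 7)
    return client, auth

if __name__ == "__main__":
    ch = b"\x01" * 32
    print(check_assertion(*make_sample(EXPECTED_ORIGIN, RP_ID, ch), ch))
    print(check_assertion(*make_sample("https://examp1e.test", "examp1e.test", ch), ch))
```

A response produced on a look-alike page carries that page's origin and RP ID hash inside the signed data, so the genuine server rejects it even when the user touched the key.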

Why YubiKey


  • YubiKeys were made to order for US government sites and have long been used by Google and Meta employees.
  • YubiKeys support the FIDO2 and FIDO U2F protocols, one-time passwords (OTP) and asymmetric encryption.
  • It is impossible to copy data from YubiKeys. That is, if a hacker tries to break the USB connector on the device, he will not copy anything from it and will not be able to steal the private key.
  • YubiKeys come in different form factors, which allows you to choose them for different devices, including keys with NFC support.
  • In addition, YubiKey keys are supported by all popular services with increased security requirements: Google, Binance, GitLab, GitHub, Dropbox.

These are far from all the advantages of the original and reliable YubiKey devices, which are already used by millions of people in 160 countries of the world. You can verify their reliability yourself and choose the right device for you in our online store.

If you are interested in YubiKey software or custom order, you can contact our managers.
