As a security key Yubikey protects against phishing attacks

Phishing (from the word “fishing”) or a phishing attack is one of the most dangerous and at the same time common social engineering methods used by cybercriminals. It is based on mass mailings of e-mails and short messages on behalf of well-known brands, banks, charitable organizations, government structures or even from good acquaintances. The links contained in such emails lead to a fake site where the user enters data and thus compromises it, essentially voluntarily sending their complex passwords and bank card details to the fraudsters.

In 2020, 75% of businesses worldwide suffered phishing attacks. According to IBM, every fifth company out of the total number was affected.

How dangerous are phishing attacks?


Phishing attacks are very inconspicuous, but very dangerous. You may not even realize that at some point you became their victim. Long and complex passwords do not help against phishing, and additional protection factors such as one-time passwords in SMS hardly save, as they can also be intercepted. Quite a lot of people fall for the bait of fraudsters for the following reasons:

  • phishing sites are very similar to sites you are used to using;
  • the letter in the mailing list may not differ from similar previous letters of the company, especially if its website was previously hacked by fraudsters;
  • even if the attackers just copied the design of the letter and created a similar address, the subject may be very attractive and you will want to open the letter and the link, if it contains, for example, a gift or a discount;
  • also the subject of the letter can scare you, for example, if the message says that the account on some important service for you will be blocked if you do not enter data for confirmation;
  • you may receive a letter from someone you trust and not suspect that their account has been hacked;
  • sometimes fraudsters deliberately get to know each other in advance and communicate for a long time until you begin to trust them, after which they begin to attack you;
  • you can become a victim of surveillance, so you will receive the news you are waiting for: you can really expect some winnings if you play the lottery; or, for example, you may expect to receive some form of welfare payment, especially if you have previously applied.

Отримавши доступ до одного облікового запису, шахрай може отримати доступ до десятків або сотень нових контактів у вашій електронній книзі. The attackers’ goals are:

  • use of malicious code;
  • theft of confidential information;
  • obtaining a database of contacts;
  • access to bank accounts.

How a security key can help in this matter


As we mentioned above, there are practically no additional protection measures in the form of two-factor authentication against phishing attacks, since any messages can be intercepted or stolen by viruses from your devices. But there is an exception. YubiKey Security Keys can help protect both home network users and corporate employees from phishing, as it is a physical factor that supports asymmetric encryption. To understand how it protects, consider the principle of operation of the key.

  1. When registering a key on the site or in the operating system, the server sends a request to the key for authentication, in response, the key generates a closed digital signature and sends it to the server. Be careful, it is better to disable alternative login methods during key registration so that an attacker cannot use them and bypass verification. It is more reliable to purchase a second (spare) key and specify it.
  2. When you log in to the account of the original site where you previously registered the key, the server asks you to confirm the login with the key. It is necessary to insert it into the socket and touch the indicator that determines the presence of a person. If you insert the key, touch the indicator, and within a short time the key is not connected to the device, then authorization does not occur. So, this site is not what it claims to be.
  3. If the site turns out to be fake (phishing), the server will not send a request to verify the account owner using a security key. Therefore, even if you accidentally enter data on it, a hacker will still not be able to break into your account without having the real key.

Why YubiKey


  • YubiKeys were made to order for US government sites and have long been used by Google and Meta employees.
  • YubiKeys support FIDO2 and FIDO2 U2F protocols, OTP passwords and asymmetric encryption.
  • It is impossible to copy data from YubiKeys. That is, if a hacker tries to break the USB connector on the device, he will not copy anything from it and will not be able to steal the private key.
  • YubiKey’s keys have different form factors, which allows you to choose them for different devices, including keys with NFC support.
  • In addition, YubiKey keys are supported by all popular services with increased security requirements: Google, Binance, GitLab, GitHub, Dropbox.

These are far from all the advantages of the original and reliable YubiKey devices, which are already used by millions of people in 160 countries of the world. You can verify their reliability yourself and choose the right device for you in our online store.

If you are interested in YubiKey software or custom order, you can contact our managers.

What is 2-Step Verification

What is two-step authentication?It is very unpleasant to imagine, even for a moment, a situation in which an outsider gains access to your personal account on a PC. After all, in this case, the attacker can: view personal correspondence; copy photos intended only for...

How to choose a quality USB token or security key

What is a USB token and how to use itThe concept of a USB token Since protecting accounts with a login and password has long been outdated, back in the early 2000s, many manufacturers began to offer USB tokens as an alternative solution. These are hardware keys for...

How to protect your account from hacking – the most relevant security measures

How to protect your account from hacking – the most relevant security measures How to protect your account from hacking – the most relevant security measures Fraud and theft of data on the network is a fairly common problem for both ordinary users and corporations....

Cybersecurity outsourcing – is it really dangerous and expensive?

Cybersecurity is a constant race against the clock: hackers find vulnerable chains and try to gain access to confidential information, while security experts build security systems that attackers try to break into after a while. And this happens all the time....

Ways to log in to the Windows OS without a password

Ways to configure passwordless login in the Windows OSWays to log in to the Windows OS without a password Access to the operating system account should be simple but secure. Especially if the device can be used by several other people – in an office, co-working space...

Fingerprint scanner on a smartphone – how reliable it is

Fingerprint scanner on a smartphone — how reliable it isFingerprint scanner on a smartphone – how reliable it is Even 20 years ago, few people wondered why a fingerprint scanner was needed, and today it is present on many smartphones released after 2014. Agree, it is...

Yubikey smart card mode without additional equipment

The idea of the first smart card was patented by the French inventor Roland Moreno back in 1974. Today, we already use this technology every day and cannot imagine how we can do without it: SIM cards, electronic travel tickets and passports, keys to hotel rooms, employee passes of closed enterprises, and bank payment cards work in smart card mode.

As a security key Yubikey protects against phishing attacks

As a security key Yubikey protects against phishing attacksPhishing (from the word “fishing”) or a phishing attack is one of the most dangerous and at the same time common social engineering methods used by cybercriminals. It is based on mass mailings of e-mails and...

What businesses need to know about information security – an overview of technical tools

Unauthorised access to personal information, financial accounts or trade secrets can cause a lot of damage. This can lead to large losses due to the loss of reputation and financial assets, violation of user privacy, etc. Therefore, every person, organisation, business or financial institution must take care of data protection.

How to protect yourself and colleagues from persuasive social engineering “specialists”

How to protect yourself and colleagues from persuasive social engineering “specialists”How could it be that Olena downloaded the virus, believing that by following the link she would receive a brand new iPhone as a gift? Did Oleksiy do better than Elena by inserting a...