As a security key Yubikey protects against phishing attacks

Phishing (from the word “fishing”) or a phishing attack is one of the most dangerous and at the same time common social engineering methods used by cybercriminals. It is based on mass mailings of e-mails and short messages on behalf of well-known brands, banks, charitable organizations, government structures or even from good acquaintances. The links contained in such emails lead to a fake site where the user enters data and thus compromises it, essentially voluntarily sending their complex passwords and bank card details to the fraudsters.

In 2020, 75% of businesses worldwide suffered phishing attacks. According to IBM, every fifth company out of the total number was affected.

How dangerous are phishing attacks?


Phishing attacks are very inconspicuous, but very dangerous. You may not even realize that at some point you became their victim. Long and complex passwords do not help against phishing, and additional protection factors such as one-time passwords in SMS hardly save, as they can also be intercepted. Quite a lot of people fall for the bait of fraudsters for the following reasons:

  • phishing sites are very similar to sites you are used to using;
  • the letter in the mailing list may not differ from similar previous letters of the company, especially if its website was previously hacked by fraudsters;
  • even if the attackers just copied the design of the letter and created a similar address, the subject may be very attractive and you will want to open the letter and the link, if it contains, for example, a gift or a discount;
  • also the subject of the letter can scare you, for example, if the message says that the account on some important service for you will be blocked if you do not enter data for confirmation;
  • you may receive a letter from someone you trust and not suspect that their account has been hacked;
  • sometimes fraudsters deliberately get to know each other in advance and communicate for a long time until you begin to trust them, after which they begin to attack you;
  • you can become a victim of surveillance, so you will receive the news you are waiting for: you can really expect some winnings if you play the lottery; or, for example, you may expect to receive some form of welfare payment, especially if you have previously applied.

Отримавши доступ до одного облікового запису, шахрай може отримати доступ до десятків або сотень нових контактів у вашій електронній книзі. The attackers’ goals are:

  • use of malicious code;
  • theft of confidential information;
  • obtaining a database of contacts;
  • access to bank accounts.

How a security key can help in this matter


As we mentioned above, there are practically no additional protection measures in the form of two-factor authentication against phishing attacks, since any messages can be intercepted or stolen by viruses from your devices. But there is an exception. YubiKey Security Keys can help protect both home network users and corporate employees from phishing, as it is a physical factor that supports asymmetric encryption. To understand how it protects, consider the principle of operation of the key.

  1. When registering a key on the site or in the operating system, the server sends a request to the key for authentication, in response, the key generates a closed digital signature and sends it to the server. Be careful, it is better to disable alternative login methods during key registration so that an attacker cannot use them and bypass verification. It is more reliable to purchase a second (spare) key and specify it.
  2. When you log in to the account of the original site where you previously registered the key, the server asks you to confirm the login with the key. It is necessary to insert it into the socket and touch the indicator that determines the presence of a person. If you insert the key, touch the indicator, and within a short time the key is not connected to the device, then authorization does not occur. So, this site is not what it claims to be.
  3. If the site turns out to be fake (phishing), the server will not send a request to verify the account owner using a security key. Therefore, even if you accidentally enter data on it, a hacker will still not be able to break into your account without having the real key.

Why YubiKey


  • YubiKeys were made to order for US government sites and have long been used by Google and Meta employees.
  • YubiKeys support FIDO2 and FIDO2 U2F protocols, OTP passwords and asymmetric encryption.
  • It is impossible to copy data from YubiKeys. That is, if a hacker tries to break the USB connector on the device, he will not copy anything from it and will not be able to steal the private key.
  • YubiKey’s keys have different form factors, which allows you to choose them for different devices, including keys with NFC support.
  • In addition, YubiKey keys are supported by all popular services with increased security requirements: Google, Binance, GitLab, GitHub, Dropbox.

These are far from all the advantages of the original and reliable YubiKey devices, which are already used by millions of people in 160 countries of the world. You can verify their reliability yourself and choose the right device for you in our online store.

If you are interested in YubiKey software or custom order, you can contact our managers.

Fingerprint scanner on a smartphone – how reliable it is

Fingerprint scanner on a smartphone — how reliable it isFingerprint scanner on a smartphone – how reliable it is Even 20 years ago, few people wondered why a fingerprint scanner was needed, and today it is present on many smartphones released after 2014. Agree, it is...

Academic account security

Academic account security – checklist for developers, students, and teachers Academic Account Security – A Checklist for Developers, Students, and Teachers The education sector faces cyberattacks no less than other areas. Over the past 2 years from ransomware attacks...

What is multifactor authentication?

What is multifactor authentication? What is multifactor authentication and when is it appropriate to use it Account protection with the help of one factor – a complex password – ceased to be reliable about two decades ago. Therefore, network users are recommended to...

Cybersecurity outsourcing – is it really dangerous and expensive?

Cybersecurity is a constant race against the clock: hackers find vulnerable chains and try to gain access to confidential information, while security experts build security systems that attackers try to break into after a while. And this happens all the time....

How the YubiKey protects against brute-force attacks: technicalities of attacks and key encryption

How the YubiKey protects against brute-force attacks: technicalities of attacks and key encryptionBrute force attacks are one of the most common hacking methods. It is considered one of the simplest, because in fact, in order to start an attack, an attacker only needs...

How to protect your password from theft

The password is the first degree or first factor of protection against account hacking. It's very important to take care of its security, because if hackers steal your password, your personal data, documents, important correspondence and much more will be at risk. In...

How to protect yourself and colleagues from persuasive social engineering “specialists”

How to protect yourself and colleagues from persuasive social engineering “specialists”How could it be that Olena downloaded the virus, believing that by following the link she would receive a brand new iPhone as a gift? Did Oleksiy do better than Elena by inserting a...

Ways to log in to the Windows OS without a password

Ways to configure passwordless login in the Windows OSWays to log in to the Windows OS without a password Access to the operating system account should be simple but secure. Especially if the device can be used by several other people – in an office, co-working space...

Is the password-free world real?

Is the password-free world real? Is the password-free world real? There have been talks about a passwordless future for a long time, but for a long time many companies were not yet ready to switch to new technologies. They had questions about security,...

How to protect your account from hacking – the most relevant security measures

How to protect your account from hacking – the most relevant security measures How to protect your account from hacking – the most relevant security measures Fraud and theft of data on the network is a fairly common problem for both ordinary users and corporations....