YubiKeys. Source: Twitter/@Yubico
It was a crazy week for Binance: first, there was the 7,000 BTC hack, which was followed by heated debates about Bitcoin block reorganization, and finished with mutual public apologies.
Now, the major cryptocurrency exchange is working on new security measures. One of the new features will be Universal 2nd Factor (U2F) support. It will let users protect their accounts with hardware devices like YubiKey and its alternatives.
According to Binance CEO Changpeng Zhao, they’ll start to support such devices "very soon": "We will run an event and give away 1,000 YubiKeys as soon as that feature is implemented."
What exactly is YubiKey and how does it secure your account?
YubiKey, made by Yubico, a company headquartered in Silicon Valley, is a U2F device that aims to strengthen and simplify the two-factor authentication (2FA) process. It utilizes the FIDO2, WebAuthn, and FIDO Universal 2nd Factor open authentication standards, as well as USB-A, USB-C, and NFC technologies.
A physical key is deemed to be the most secure 2FA method. Solutions by Yubico are deployed by some of the biggest tech companies, including Google, Facebook, GitHub, Salesforce, and Dropbox, as well as the governments of the United Kingdom and Turkey. According to KrebsOnSecurity, there have been no reported or confirmed employee account takeovers at Google since it implemented the security keys.
The keys work the following way: when logging in to your account, you are prompted to insert the encrypted hardware key into your computer. Hence, even if someone manages to get their hands on your password, they still can’t do anything with it. Besides, the keys don’t work on phishing sites. All in all, unlike with SMS or Google authentication, there are very few ways for hackers to get your hardware device. YubiKey can also be used with mobile devices. Consumer-grade products retail for USD 20 – USD 60.
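Why a key's response is useless to a phishing site, shown as an added example (not code from Binance or Yubico): these are the checks a site performs on a WebAuthn login response to bind it to its own origin. The origin `https://exchange.example`, the RP ID and the function names are assumptions, the sample responses are constructed, and signature verification is left out because it needs an ECDSA library.

```python
import base64
import hashlib
import hmac
import json

EXPECTED_ORIGIN = "https://exchange.example"  # assumed relying-party origin
RP_ID = "exchange.example"                    # assumed relying-party ID


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def binding_errors(client_data_json: bytes, authenticator_data: bytes,
                   issued_challenge: bytes) -> list:
    """Reasons to reject an assertion; an empty list means these checks pass.
    The signature over authenticator_data || SHA-256(client_data_json) must
    still be verified with the registered public key (not shown)."""
    try:
        client_data = json.loads(client_data_json)
    except ValueError:
        client_data = None
    if not isinstance(client_data, dict):
        return ["malformed clientDataJSON"]
    errors = []
    if client_data.get("type") != "webauthn.get":
        errors.append("wrong type")
    got = str(client_data.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(issued_challenge).encode()):
        errors.append("challenge mismatch")  # stale or replayed response
    if client_data.get("origin") != EXPECTED_ORIGIN:  # set by the browser, not the page
        errors.append("origin mismatch")
    if len(authenticator_data) < 37:  # 32-byte rpIdHash + flags + 4-byte counter
        return errors + ["authenticator data too short"]
    rp_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], rp_hash):
        errors.append("rpIdHash mismatch")
    if not authenticator_data[32] & 0x01:  # UP flag: the user touched the key
        errors.append("user not present")
    return errors


def sample_response(origin: str, rp_id: str, challenge: bytes):
    """Constructed sample of what a browser and key would return at `origin`."""
    client_data = json.dumps({"type": "webauthn.get", "origin": origin,
                              "challenge": b64url(challenge)}).encode()
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return client_data, auth_data
```

A response produced on a look-alike domain carries that domain in both the origin field and the RP ID hash, so it fails these checks even if the user enters the correct password and touches the key.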
Congrats for @Yubico and @cz_binance @cz_binance for the future of crypto security… Having hacked before on bittrxx I know how it feels to lose a big portion of my money =( ..
U2F security will bring the masses to crypto ! Can't wait !
— prozic (@prozic) May 10, 2019
For example trading bots typically have an API key, just a string password, to login and trade, deposit, or withdraw. That authentication should be hardened with a Yubikey to make it much harder to abuse the API as you can't simply steal a password.
— Warren Togami (@wtogami) May 10, 2019
There are several U2F hardware key providers. Users can choose devices like Google Titan Key, Thetis, and Kensington, but these devices are not as widely supported as Yubico's.
Binance is not the first exchange to implement U2F authentication. Exchanges like Bitfinex, Kraken, Coinbase, BitMEX, BitBay, BitGo, Coinfloor, and Nanex have already implemented hardware 2FA verification options. Meanwhile, other security-minded crypto exchanges might implement the U2F authentication option in the future as the circle of established and unhacked cryptocurrency exchanges is shrinking.