Keeper now lets you use security keys exclusively for 2FA

News
By Lewis Maddison
published

You don't need a backup 2FA method anymore

YubiKey security key on keyboard
(Image credit: Formatoriginal / Shutterstock.com)

Keeper has announced it will now give its consumer and enterprise customers the chance to use security keys as their one and only method for two-factor authentication (2FA).

Previously, the password manager required that users have a backup method for authenticating a login if they chose to use security keys, but now that is no longer the case.

The company believes that using physical security keys "enhances overall security by providing a robust physical second factor, mitigating remote attacks and reducing dependency on mobile devices."

Safer 2FA

Those with Keeper administrator accounts can also enforce the use of security keys as the sole authentication method for all users at their organization, and even require a FIDO2 PIN code to be used with the security key too.

Keeper notes that typical methods of 2FA, such as SMS texts and Time-based One-Time Passwords (TOTP) are more vulnerable than ever, as cybercriminals launch increasingly sophisticated attacks to undermine these methods, such as social engineering and SIM swapping. 

The National Institute of Standards and Technology (NIST) has even removed the use of SMS texts for 2FA from its list of recommended authentication methods for this reason.

Keeper Security CTO Craig Lurey commented that "cybercriminals are creative and relentless in their mission to break historically secure solutions,” which is why "many organizations are transitioning to hardware-based 2FA devices like YubiKey."

According to Lurey, these offer "a simple and user-friendly, but highly secure authentication method."

Keeper users can have multiple security keys added to their account, so they can have backup keys, or have different keys in different locations or to use with different devices.

By logging into the web or desktop app for Keeper, users can remove other 2FA methods from their accounts if they only want to use security keys. Once this is done, users can then use security keys solely for 2FA with their iOS and Android devices as well.

MORE FROM TECHRADAR PRO

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks.  His area of expertise lies in computer peripherals and audio hardware, including speakers and headphones, having spent over a decade exploring the murky depths of audio production and PC building. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.