Hardware security keys, where are they?

Jeremy Stott

As hardware security keys became widely available, our keyrings were doomed to be clogged with dozens of USB devices. But years later, what happened? Governments have used smart cards for decades, and big tech companies rolled their own years ago. What about everyone else? It is clear that hardware security keys fill a huge gap in any threat model, but why are they still not a mainstream method of authentication?

Let’s look at how modern hardware security keys work, why they are such an effective authentication mechanism, what you would use them for, and how to tackle some of the challenges with rolling them out in your organisation.

About Jeremy

Jeremy gets excited about cloud providers announcing new features that fix their own security flaws, and likes to read payment processing standards for fun.

His background is in security, software engineering, and electronics with over 10 years of experience in misconfiguring cloud infrastructure, failing builds, runtime errors, and releasing blue smoke.

When his kids grow up, he will be able to pass on skills such as opening capacitive touch doors remotely, getting discounts at fuel pumps, and signing SSH certificates.