SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Keeper Security introduces hardware key as sole 2FA method
Thu, 18th Jan 2024

Keeper Security, the provider of zero-trust and zero-knowledge cybersecurity software, has announced support for hardware security keys as the sole Two-Factor Authentication (2FA) method. The change strengthens overall security with a robust physical second factor, curtailing the chances of remote attacks and reducing reliance on mobile devices. Administrators can enforce the use of a hardware key as the single 2FA method and can apply more stringent restrictions by requiring a PIN.

As cybercriminals evolve in sophistication and challenge formerly robust defences, stronger authentication factors are becoming essential. Traditional 2FA methods, including SMS and Time-Based One-Time Password (TOTP), can be exposed to social engineering and SIM swapping risks. Due to such vulnerabilities, the National Institute of Standards and Technology (NIST) has stopped recommending the use of SMS authentication, prompting organisations and individuals to seek more secure 2FA alternatives.

"Cybercriminals are creative and relentless in their mission to break historically secure solutions," commented Craig Lurey, CTO and Co-founder of Keeper Security. He added, "Many organisations are transitioning to hardware-based 2FA devices like YubiKey. With Keeper, administrators now can enforce hardware security key usage as the sole 2FA option, providing users with a simple, user-friendly, yet highly secure authentication method."

While Keeper has previously supported hardware security keys, users were required to have a backup 2FA option aside from their security key. However, both enterprise and consumer users can now utilise a security key as their only 2FA method. Keeper allows users to possess multiple security keys, facilitating backup keys or keys for multiple devices in various locations.

Existing users who opt to use only a security key can log in to the Keeper Web Vault or Keeper Desktop App version 16.10.12+ to remove their other 2FA methods. Administrators can also require their users to enable a PIN (FIDO2 user verification) with their security key, providing additional protection to their organisations. Keeper supports login on iOS and Android devices using a security key, but setting a security key as the only 2FA method must be done in the Web Vault or Keeper Desktop App.

This development follows Keeper's recent announcement of Granular Sharing Enforcements for its platform. Enterprises choose Keeper for its robust security architecture, capacity to support federated and passwordless authentication with any identity provider, effortless integration into on-premises, cloud or hybrid environments and user-friendly interface across desktop and mobile devices. Keeper Security Government Cloud Password Manager and Privileged Access Manager has obtained authorisation from FedRAMP and StateRAMP and maintains the Keeper Security zero-trust security framework along with a zero-knowledge security architecture, so users have full knowledge, control and management over their credentials and encryption keys.