"The Password Isn't Dead Yet. You Need a Hardware Key"

Earlier this year, Cloudflare was one of hundreds of targets in a criminal phishing campaign that successfully breached a number of technology organizations. While some Cloudflare employees fell for the phishing emails, the attackers were unable to penetrate further into the company's infrastructure. As part of Cloudflare's security methods, all employees are required to use a physical security key when logging into all applications. Following the incident, Cloudflare announced a partnership with the hardware authentication token manufacturer Yubikey to provide Cloudflare clients with discounted keys. Cloudflare was not the only organization that valued the security offered by hardware tokens. Apple recently announced hardware key support for Apple IDs. The Vivaldi browser has also introduced Android hardware key support. As Cloudflare did, several big platforms and corporations have encouraged hardware key adoption and made their staff use them for years. However, this recent rise in interest and implementation is a response to the proliferation of digital threats. Hardware authentication is secure, as the key must be physically possessed and produced. This means that an online phisher cannot simply persuade someone into giving up their password, or even a password plus a second-factor code, in order to gain access to a digital account. This article continues to discuss the concept of hardware authentication and why its implementation would be beneficial to digital security. 

Wired reports "The Password Isn't Dead Yet. You Need a Hardware Key"