One last piece of advice: buy a YubiKey

Few take their safety seriously. I know some people think it’s a good idea to write the passwords in a real book – these timeless invocations are whispered in the eavesdropping of Amazon, Bank of America or Google by their presence, saving them from wearing glasses and trench coats – Dressed in “hackers”. These people ignore the piles of pending security updates and the entire inch of screen real estate that browser toolbars are missing.You just can’t let people store their bank credentials in plain text notes saved to iCloud or Drive because they care about their security because any Losing convenience is impossible for them. But almost every adult carries a set of car or home keys with them, and they have access to a very convenient solution.

ANDROIDPOLICE video of the day

I implore everyone reading these words to purchase a YubiKey and set up all the services they can use.

you need Two-factor authentication, hardware keys are the best

This is the easiest way to enhance your online security, and with all the constant hacking and lack of even basic security standards in so many companies, you need Having something more than a password between the world and any of your digital accounts worth more than $20. You can add a lot of things to the equation, and you can employ multiple 2FA (two-factor authentication) systems, such as SMS and email-based methods. But your security depends on the solution you choose, and hardware keys are the best option.

Granted, not all companies support 2FA or even hardware token-based 2FA. I recommend checking out the public list of 2FA-compatible online services, but most of the more popular non-financial services support two-factor authentication. Embarrassingly, Bank of America cares very little about their customers because only Bank of America supports large hardware security keys, and even ostensibly online-first banks like Ally, SoFi, and Capital One are firmly stuck in 2002 Some visions of the Internet. Your best hope is SMS-based authentication, which is a pretty bad idea considering the carrier’s low security.


As far as I know, like banks, carriers don’t actually care about you – just look at the steady stream of hacking attacks and the basic failure to meet even basic security standards. We’re all just revenue generators in exchange for overpriced data in the quarterly financial report columns. Carriers can hand over your phone number to anyone savvy to call, google your name, or even try half-hearted imitations. Don’t trust them.

For example, your phone number is basically as safe as your wallet, and you can be robbed, pickpocketed, and stolen. Just as you might not feel safe carrying thousands of dollars in cash all the time, don’t trust your phone number to be the last line of security for any high-value (like an important online account).

Hardware 2FA security keys are convenient – you don’t need to remember anything extra, just like carrying your house keys with you. If it’s stolen, someone else can’t magically get into your account. They also need your other credentials, which is the ultimate, hard-to-replicate hurdle. Even if your username and password end up in the hands of malicious actors, they can’t get in if you don’t have that jingle dongle in your pocket.

The upcoming passwordless standard also means that using hardware security keys can actually more Much more convenient than remembering and typing in a stupid long password – just enter your username, pop up, and you’re good to go. It doesn’t need to be changed every three to six months based on some geeky policy, it doesn’t end up being hacked or phished, and you don’t have to mess with another password or deal with a password manager again. This will be the epitome of convenience and security.

Seriously, buy a YubiKey

I’ve said “buy a YubiKey” before, but I should stress that I don’t particularly like Yubico over other hardware 2FA companies. Really, any recent hardware 2FA key will do, as long as it works well with FIDO2 and WebAuthN (for the upcoming passwordless standard) and supports the ports you need. But YubiKeys sell in more places, they tend to release models that support newer standards faster, they offer a wider range of ports for device compatibility, their products are externally audited, and they’re mostly black, so they don’t Will be stained or show as much wear and tear as light colored models. (They also have fun stickers to make your keys less boring – maybe dbrand should look into that.)

Buy YubiKey 5 Series

Yubico from $45

I personally recommend YubiKey 5C or YubiKey 5C NFC, but you should choose based on the device you are using. If you have an older computer, something with a USB Type-A might be important, and if you have an iPhone, you might need a YubiKey 5Ci with a Lightning connector. I also recommend that you have at least two and keep a backup at home in case your keys are lost. If money is tight, go for the more basic $29 Type-C model — it doesn’t support all the standards the more expensive models do, but it’s fine for 99% of people.

Last year, I also reviewed a keychain made specifically for YubiKeys.You really do not Need to buy one, but it’s stylish, not too expensive, and it’s perfect for YubiKeys and your own standard size keys.

Buy Yubikey ‘Security Key Series’

from $25

YubiKey is an easy choice, but if a fancy color catches your eye, or you just want to be a mild contrarian, you can also easily get a different brand. Google, Feitan, Kensington, and many others make or resell models, and this is one area where you should avoid no-name Amazon specials. But here is my last piece of advice to you: Purchase a two-factor hardware security key.

That’s it, bye

I have more advice and suggestions (good and bad), although I’ll have to keep it a secret from now on.I’ve “pulled a dieter” next time you hear from me outside of my regular stream Cabin-related Twitter content, I would be both excited and terrified of my new discoveries at OSOM. (As some of you may have noticed, this is why I haven’t written about them in a while, a decision made by Android Police out of concern and caution.)

On my way out, I have some final hot shots, and I no longer have to come up with well-crafted arguments to defend.I want to live out every blogger’s biggest fantasy: getting first and The last sentence.

  • The Essential PH-1 in Ocean Depths is the most beautiful single smartphone ever made, and sorry, nothing else comes close.
  • Until Google made a concerted effort to make haptics a larger, more granular part of Android itself, the quality ceiling for haptics on Android phones was always lower than on iPhones. There’s a world of tactile textures and variety out there, and we’re just getting the basic vibes.
  • Android was not good until 4.0/ICS.
  • Samsung isn’t enough to sustain the Android tablet ecosystem, and even with Android 12L, Google isn’t doing enough to incentivize software (layout apps through tablets) or hardware development. Foldable devices are the last hope, and if they don’t take off, Android’s big-screen dream will be dashed.
  • Cardboard boxes, recycled aluminum and plastic in phones, and skipping chargers in boxes are not environmentally friendly; as long as companies are still arbitrarily setting off-death dates for updates, it’s greenwashing crap. If you’re getting rid of a full phone in a few years, saving a few grams of plastic or paper means little to the environment or climate, and companies know that.
  • While macOS does countless stupid, bad and wrong things, the MacBook is the only good laptop.
  • There is no such thing as “android” or “android”. They’re Android phones, period.
  • If Apple really cared about customer privacy, it would adopt RCS, but it’s just doing lip service in a way that looks good in a way that hurts its competitors (like “do not track”). Stop falling in love with it.
  • On a related note, privacy cannot be made more attractive without an existential crisis like a mass hack.
  • Bits are bits, bytes are bytes; Nest Aware storage should just be part of Google One.
  • world need A true YouTube competitor – Google basically has a monopoly. I nominate Amazon/Twitch, which could easily step in and fill the void.
  • Camera hardware hardly matters now. Software is more important. You all need to stop being upset about a phone with an “old” sensor — if anything, it means the manufacturer has tweaked its processing to better suit it.
  • On a related note, the rise of computational photography is the route to nearly all recent photo quality improvements in smartphones, which means that “pro” camera modes are obsolete — you do not Actually want that level of control, even if you think you do. (But other methods of providing similar control under this new paradigm could be useful, like what Google is doing.)
  • Carriers are using VoLTE and 5G certification as a weapon to force manufacturers to do what they want (including stupid/expensive technologies like mmWave). Those with the power to make positive change need to take control of the situation for the benefit of customers and market competition.
  • Google’s success with Android means it can’t understand the difference between platform and product (or, at an execution level, can’t make decisions to get rid of this confusion), which will continue to undermine Pixel, Nest, etc. In subtle but important ways, until the company gets it.
  • To sum it up, Google can’t “win” on Android: if it starts using GMS certification as a bigger stick and carrot to get smartphone makers to stop making bad and stupid changes (as they should), it will face Increasing regulatory scrutiny acts as a bigger gatekeeper in the platform (which is a problem).But Google’s already Made many parts of the platform proprietary and part of Play Services, so much so that the argument for Android as an open platform was no longer tenable – there was “Android” and then there was Google’s Android, which is empirically the most important thing on the market. Google should probably be broken up into smaller companies.
  • Where is the better third-party app store integration for the Android platform that you promised in 2020, Google?
  • and Where What’s the inbox-like bundle Google promised for Gmail in 2018? !


That’s what Ryne Hager from Android Police is up to, though you’ll likely see some of my lingering stories in the next few weeks as drafts on other topics go through the editing process.

Five years on, I will miss defending your obscenity, coquering about your favorite things, writing love letters to my Android wife, and haggling endlessly for Google. Or Samsung? Maybe OnePlus today. You guys will have to tell me.

But trust my YubiKey

Leave a Comment

Your email address will not be published.