Countdown to Election Day: Truths and Myths About Using Security Keys

The concept of strong user authentication can seem technical and tricky, but it doesn’t have to be. DDC is teaming up with the FIDO Alliance, an open standards industry association with a mission to reduce the world’s reliance on passwords. We are setting the record straight to help everyone understand how simple it is to use a physical security key—the strongest form of authentication—to prevent malicious actors from accessing your accounts.

If you are a candidate or work with or for a political campaign, you are at a higher risk of being targeted by a nation-state, hacktivists, or cybercriminals. Protecting your accounts—the primary target of bad actors—between now and Election Day is essential. Enabling a physical security key certified by the FIDO Alliance takes only minutes. DDC-eligible campaigns can get these keys for FREE, shipped to you quickly. We can even walk you through how to set them up. Still not convinced? Read further.

Below are several misconceptions and truths about using security keys, the strongest form of phishing-resistant authentication, from the FIDO Alliance:

Q: True or False: Using a physical security key makes it a hassle to get into my accounts and slows me down.

False. Signing in with a physical security key is simple: it requires only a quick touch. Those added milliseconds deliver the highest level of sign-in security available.

Q: True or False: I can forget my passwords when I use a security key.

It depends! For services that offer passwordless login, yes, your security key can replace your password. For services that do not yet offer passwordless login, you will still need a password. However, your security key will act as a second factor, adding an extra layer of protection for your username and password.

Q: True or False: I need a different key for every account I protect.

False. One security key can house multiple credentials for all of your accounts, including email, cloud, and social media.

Q: True or False: If I lose my computer or phone, or need to log in on a new device, I can use my security key.

True. Your FIDO security key can be used on any device, and it can be helpful if you need to restore access to an account.

Q: True or False: I have to plug in the key every time I log in.

False. There are physical keys, such as nano keys, that stay in your device all the time. Some keys also have embedded proximity technology that works when near your device. For example, an NFC key can be next to the device, and all the user has to do is touch it to sign in. Many services allow you to "remember" the device, only occasionally asking for key verification.

Q: True or False: A long password is just as secure as a security key.

False. Unlike passwords, a FIDO security key provides maximum phishing resistance and cryptographic security.

Q: True or False: If I lose my key, I will be locked out of my accounts.

True. Because of the strong security a FIDO security key provides, having the key is necessary to access your account. To prevent being locked out, we recommend having a backup security key. The services you use may also have alternate ways to regain access if you lose a key.

Q: True or False: Using a security key makes your protected account virtually unphishable.

True. A FIDO security key is engineered to meet FIDO standards for phishing-resistant authentication.

Q: True or False: A physical security key can hold several passkeys (a digital credential stored on your device).

True. A physical security key can manage multiple passkeys.