
Security Keys

Protects against the following threat(s):

A physical security key adds a very strong layer of protection to your online accounts. Compared to authenticator apps, the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself. Many services support FIDO2/WebAuthn as a multifactor authentication option for securing your account, and some services allow you to use a security key as a strong single-factor authenticator with passwordless authentication.
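An added example (not code from Privacy Guides, Yubico or Nitrokey) of the relying-party checks behind the phishing resistance described above: the browser records the origin in clientDataJSON and the key records the SHA-256 hash of the RP ID in authenticatorData, so an assertion produced on another site does not validate. The RP ID, origins and challenge are constructed values, and signature verification is assumed to happen in a separate step.

```python
import base64
import hashlib
import json

# Constructed relying-party values for illustration (assumptions, not from the page).
RP_ID = "example.com"
ORIGIN = "https://example.com"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_assertion(client_data_json, authenticator_data, expected_challenge):
    """Return the names of failed binding checks; an empty list means all passed.

    Verifying the signature over authenticator_data || SHA-256(client_data_json)
    is a separate step and is not shown here.
    """
    failures = []
    client_data = json.loads(client_data_json)
    if client_data.get("type") != "webauthn.get":
        failures.append("type")
    if client_data.get("challenge") != b64url(expected_challenge):
        failures.append("challenge")
    # The browser, not the web page, fills in the origin the user is really on.
    if client_data.get("origin") != ORIGIN:
        failures.append("origin")
    if len(authenticator_data) < 37:  # 32-byte hash + flags + 4-byte counter
        return failures + ["authenticator_data_length"]
    # Bytes 0-31: SHA-256 of the RP ID the credential was used for.
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        failures.append("rp_id_hash")
    if not authenticator_data[32] & 0x01:  # flags bit 0: User Present
        failures.append("user_present")
    return failures

def make_sample(origin, rp_id, challenge):
    """Build a constructed (not captured) clientDataJSON / authenticatorData pair."""
    cdj = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                      "origin": origin}).encode()
    flags_and_counter = bytes([0x01]) + (7).to_bytes(4, "big")
    return cdj, hashlib.sha256(rp_id.encode()).digest() + flags_and_counter

CHALLENGE = b"constructed-challenge-0001"
GENUINE = make_sample(ORIGIN, RP_ID, CHALLENGE)
# What the server would see if an assertion made on a different site reached it.
OTHER_SITE = make_sample("https://login.example.net", "login.example.net", CHALLENGE)
```

A one-time code from an authenticator app carries no such binding, which is why a code typed into the wrong site is still accepted by the real one.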

YubiKey Security Key

Security Key Series by Yubico

The Yubico Security Key series is the most cost-effective hardware security key with FIDO Level 2 certification[1]. It supports FIDO2/WebAuthn and FIDO Universal 2nd Factor (U2F), and works out of the box with most services that support a security key as a second factor, as well as many password managers.


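These keys are available in both USB-C and USB-A versions, and both support NFC for use with a mobile device.

This key provides only basic FIDO2 functionality, but for most people that is enough for their needs. Features the Security Key series does not have are: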

If you need any of those features, you should consider their higher-end YubiKey series instead.

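Warning

The firmware of Yubico's Security Keys is not updatable. If you want features from newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.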

YubiKey

YubiKeys

The YubiKey series from Yubico are among the most popular security keys with FIDO Level 2 Certification[1]. The YubiKey 5 Series has a wide range of features such as FIDO2/WebAuthn and FIDO U2F, TOTP and HOTP authentication, Personal Identity Verification (PIV), and OpenPGP.


The comparison table shows how the YubiKeys compare to each other and to Yubico's Security Key series in terms of features and other specifications. One of the benefits of the YubiKey is that a single key can do everything you could expect from a hardware security key. We encourage you to take their quiz before purchasing in order to make sure you choose the right security key.

YubiKeys can be configured using the YubiKey Manager or YubiKey Personalization Tools. To manage TOTP codes, you can use the Yubico Authenticator. All of Yubico's client software is open source.

For models which support HOTP and TOTP, the secrets are stored encrypted on the key and never exposed to the devices they are plugged into. Once a seed (shared secret) is given to the Yubico Authenticator, it will only give out the six-digit codes, but never the seed. This security model helps limit what an attacker can do even if a device running the Yubico Authenticator is compromised, and makes the YubiKey resistant to physical attack.

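Warning

The firmware of the YubiKey is not updatable. If you want features from newer firmware versions, or if there is a vulnerability in the firmware version you are using, you would need to purchase a new key.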

Nitrokey

Nitrokey

Nitrokey has a cost-effective security key capable of FIDO2/WebAuthn and FIDO U2F called the Nitrokey Passkey. For support for features such as PIV, OpenPGP, and TOTP and HOTP authentication, you need to purchase one of their other keys like the Nitrokey 3. Currently, only the Nitrokey 3A Mini has FIDO Level 1 Certification.


The comparison table shows how the different Nitrokey models compare to each other in terms of features and other specifications. Refer to Nitrokey's documentation for more details about the features available on your Nitrokey.

Nitrokey models can be configured using the Nitrokey app.

Warning

Excluding the Nitrokey 3, Nitrokeys which support HOTP and TOTP do not have encrypted storage, making them vulnerable to physical attacks.

Criteria

Please note we are not affiliated with any of the projects we recommend. In addition to our standard criteria, we have developed a clear set of requirements to allow us to provide objective recommendations. We suggest you familiarize yourself with this list before choosing to use a project, and conduct your own research to ensure it's the right choice for you.

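Minimum Requirements

  • Must use high-quality, tamper-resistant hardware security modules.
  • Must support the latest FIDO2 specification.
  • Must not allow private key extraction.
  • Devices which cost over $35 must support handling OpenPGP and S/MIME.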

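Best-Case

Our best-case criteria represent what we would like to see from the perfect project in this category. Our recommendations may not include this functionality, but those which do may rank higher.

  • Should be available in USB-C form factor.
  • Should work with NFC.
  • Should support TOTP secret storage.
  • Should support secure firmware updates.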



  1. Some governments or other organizations may require a key with Level 2 certification, but most people do not have to worry about this distinction. 
