The reason why there was no email leak in the 2020 US presidential election may be due to the adoption of a 'physical security key'

In the 2016 US presidential election, cyber attacks such as the leak of an email from

John Podesta , who was in charge of election measures for Democratic candidate Hillary Clinton , occurred, but in the 2020 US presidential election So far, no major cyber attacks have been reported. Regarding this reason, CNBC , a news broadcaster in the United States, said that the adoption of 'physical security keys' may have been large.

Physical security keys protected 2020 election campaigns against leaks

In 2016, a group of hackers presumed to be related to Russia hacked Podesta's email account, and tens of thousands of emails from the Clinton camp were published on Wikileaks . It is believed that this incident affected the outcome of the election, including the birth of a conspiracy theory and Pizzagate that 'people involved in the Clinton camp are involved in human trafficking and sexual abuse of children.'

In order to steal Mr. Podesta's e-mail, the hacker notified Mr. Podesta that 'the account was hacked' and made him change the password on the screen disguised as Google's login screen. The hacker was able to obtain the login information for Podesta's email account and steal the email.

This case became a turning point, and the government and the Democratic National Committee 's awareness of security changed. A 'physical security key' is attracting attention as an effective authentication method for protecting important accounts.

Physical security keys such as YubiKey are physical devices that can introduce secure two-step authentication by linking with Google accounts. In recent years, physical security keys have continued to advance, with the emergence of types compatible with the iPhone and the emergence of methods that combine physical security keys and biometric authentication .

Review of 'YubiKey 5C NFC', a physical security key equipped with USB Type-C and NFC that can be used on both smartphones and PCs --GIGAZINE

In fact, with the introduction of Yubico's two-step authentication security key 'YubiKey', Google has stopped reporting damage to employee phishing . Google also sells a physical security key called the 'Titan Security Key', which provides users with secure two-step authentication.

Physical key 'Titan security key' usage review to build secure two-step authentication of Google and prevent unauthorized access --GIGAZINE

In 2019, the US Federal Election Commission decided to 'make it possible to spread security products to election teams without violating election funding rules.' Therefore, Defending Digital Campaigns , a non-profit organization that protects election security, has cooperated with Google and Microsoft to introduce physical security keys in election campaigns.

In February 2020, Google announced that it would 'provide free access to Titan security keys for political campaigns,' and distributed a kit containing more than 10,000 physical security keys through Defending Digital Campaigns in a blog post. Stated. The kit distributed by Google included a physical security key for daily use by each person concerned and a physical security key for storage in a safe place, a total of two physical security keys.

Our work on the 2020 US election

In addition, Microsoft has provided security training to more than 1,500 people at the Democratic and Republican National Committees and advised on the introduction of multi-factor authentication. Microsoft pointed out that the problem with physical security keys is that 'unlike face recognition and fingerprint recognition, there is a possibility of losing the physical security key required for login.' Therefore, Microsoft is proposing ' Microsoft Authenticator ', a login method using a smartphone, as a viable alternative.

'Microsoft Authenticator' that allows you to securely log in to your Microsoft account without a password if you have a smartphone --GIGAZINE

Joe Biden's camp has deployed physical security keys to stakeholders, according to CNBC informants familiar with the issue. Jeremy Grant, an attorney at the National Institute of Standards and Technology who has worked on cybersecurity, said, 'The physical security key worked, so there was no incident like Mr. Podesta. An attempt to phish an election official's account. Not without them, but they knew that phishing could happen and there was a tool to block it. '

in Hardware,   Security, Posted by log1h_ik