I’ve got a riddle for you:
What did frustration say when she saw this article published? ʇsnqoɹ ʞool no⅄ ˙plᴉɥɔ pǝʌolǝq ʎW ¡H∀
(turn your device upside down for the answer)
Yes! This article was birthed out of frustration; although that was not the initial intention. So first, I will speak without vitriol and then I will speak with.
As we know, online privacy is a thing; a huge thing. Although privacy is not all that internet rights are about, it definitely stands out. This is because the internet framework can be fragile and easily compromised and it takes a certain level of intentionality to keep information on the internet secure. It is therefore from a sense of that duty that a lot of internet service providers or online businesses structure security measures to ensure that their users are protected.
Before I go on, I’d just like to point out that Privacy and Security are two different things. They seem like they are the same but they aren’t. I’ll admit though, both concepts seek to meet the same end; protect data. Data privacy, however, protects data by controlling its collection, use and transfer and all that while Data security is more about creating tools and structures that keep your data away from hackers and the bad guys on the internet.
So it’s very possible for a company or a website or an individual to create or utilize great security tools to help users/visitors protect their data against hackers but at the same time be employing the worst privacy standards in how data is collected or used.
That said, there are some common data security tools you probably know.
For instance, ‘Passwords’. Basic yeah? Yeah, you have passwords to keep inexperienced and undetermined hackers away. We also have ‘Encryption’. Encryption does not necessarily prevent hacking, it just uses an algorithm to make hacked content unintelligible. Furthermore, we have ‘Firewalls’. Think of Firewalls as that gate-man or security officer manning a prison. He’s been pre-set with rules on who can come in and who can go out. And he obeys those rules to the letter; or at least he’s meant to. 🙂
More relatable is the Multi-factor Authentication or 2-Step Verification. This is like a more paranoid password thingy. It basically seeks to verify whether you’re really the person trying to access the account by asking for something you have and then something you know (e.g Your Fingerprint + Your Password OR Your Password + An OTP sent to your phone). It’s like when you and your roommate have a secret knocking system, a secret word and a secret cough rhythm before you either of you can gain access into the room. So for instance, if you only provide the knocking rhythm like ‘Dum dum dum ka’, she’ll be like, ‘Okay?’ And then you have to be like, ‘Covfefe’ and she’ll be like ‘Okay?’ And then you’ll be like, ‘*cough* *cough* *coooooouuuughhhhhh* And she’ll be like, ‘AWESOME! I’m coming to get you’.
While all of these security tools and measures are fantastic, the problem of hacking and data interference is still a thing and security options are not really being optimized as our laws demand (I just had to chip Law into this. This is afterall a law blog. LOL) Our security is still volatile as long as the tools for protecting it remain software related. Hackers gon’ hack. Always. It might not be your data, but it’s definitely someone else’s data somewhere. Whether remotely or by stealing your computer and doing their (black) magic.
So this is where a hardware security key comes in. It steps in as a solid (literally) hero.
As beautifully said by Stina Ehrensvärd (an innovator and the co-inventor of YubiKey, a standard hardware authentication device), in this awesome podcast, a16z “The more factors you have, the more likely it is to be secure, but it also adds complexity to the user (sic). Something that you have… or you know, with something that you are… should ideally be combined with a hardware authenticator (sic) that’s in your pocket, that’s not connected to the internet and has a very small attack vector’
She also explained that unlike your fingerprint which can be copied because it is available to anyone who can get access, sending strong unique numbers is difficult to beat or to guess.
A hardware authentication token or key basically works as the other part of a multi-authentication or a 2-step verification process. Say you have one of these keys and set it up for your google account. When you input your password to sign into that account on a computer, you’ll be asked for your security key and at that prompt, you may insert your physical key into your USB and either press the button on the key (if yours has a button or a touch-responsive area) or just leave it at inserting.
Super cool yeah? Yes, I think so too. There are strong arguments to be made for it and I think it’s the same concept with Bank Tokens, as we know. Google in its effort to protect data, has incorporated this as one of the security options for its user. I think many more companies should make this option available for users’ online security.
HERE COMES THE VITIROL!!!!!
So remember I promised to vent?
Well, Google GAVE ME , a Nigerian this FIDO U2F Security Key in Nigeria. It came with its own cute packaging and reusable wallet and all Google branded litness. So I’m like, ‘Yes yes yes. YAS!’.
I decided I was going to review it at the perfect time; which for me, was yesterday.
It was a mind-opening process for me; leaving me exasperated at the end.
So here’s a run-down:
Following the google instructions, I made my attempt to set up my security key but to no avail! I kept getting stuck at Step 4 because guess what, there was no ‘add security key’ in MY OWN 2SV page.
I searched and searched on support forums for why my page was conspicuously missing a security key option. I was like, ‘Okay, this isn’t like my boo, Google. I’m going to try to find customer support to clear this.” Guess what guys??? I found out that you don’t get to chat with a Google customer support agent unless you’re a GSuite Paid user. I was going to seethe but I remembered that I have GSuite for one of my websites. ‘In ya faceeeee’. But still, can you imagine?
Okay, this didn’t make me angry. I chatted with one of Google Support agents, Mari-Syle, and she was really cool. She told me that I had to first turn on my 2 Step Verification and then I’d see the link. In my mind I was like, ‘Um.. That wasn’t in the process thingy but okay’. But in real life I was like, ‘You’re a gem! Thanksss! I’ll do that tomorrow. I have to run’
I actually tried to do it tomorrow (today), and turns out that 2-Step Verification is not available for Nigerians. *DJ screech and rewind* *oops!* No. Not *oops!* more like ‘WHAT THE ACTUAL HECK???’ I had kept seeing that my phone number was invalid and I couldn’t authenticate with it and I was like ‘Okay, what’s wrong with me? Cause it has to be me, right?’ I even bought airtime just in case. LOL
I finally went on a Forum Support Group and I figured that A LOT of Nigerians have been ranting about this same situation. (Oh, mind you, these complaints have been since 2016). Just check this Forum Group filled with Nigerian ranters. It’s almost funny.
So yeah, I get it. It isn’t about Google. It’s about Nigerian Telcos not being able to negotiate properly with Google or vice versa to arrive at a pleasing service rate. Or, the Telcos just can’t deal with all the 2SV traffic. But this partnership is so needed. It’s ridiculous that I cannot access the 2SV feature for my google account in the 21st century. 9Mobile and Co, please fix up abeg.
Meanwhile, y’all check out my dentition.