In a Nutshell: Anybody using a computer or mobile device has created a username or password at some point. For years, this has been the standard for online security and authentication, but experts say this approach is no longer sufficient. YubiKey, from Yubico, is a multifactor authentication product that boosts authentication security while maintaining convenience for its users. The YubiKey simply plugs into a USB port or uses near-field-communication technology for supported smartphones, and users can touch the key with their finger and gain access to hundreds of applications and sites. Google and Microsoft support YubiKey, and Google employees are even required to use it on the job.
If youre reading this, youre most likely using a computer or a mobile electronic device. And if youre using one of those things, then youve likely had to create a password or two in your day. Or 27, which is how many discrete login passwords the average person has, according to a 2016 Intel Security poll.
But, with the numerous high-profile security breaches in recent years and more sophisticated technology available to hackers, some are saying its time to log off from using passwords to protect our accounts.
Now, growing numbers of security experts feel that the password in its common form is too old and unsophisticated for the job, according to a Washington Post article titled The Secret Password IsObsolete from 1994.
Multifactor authentication in which a user must present two forms of identification, such as a password and a one-time, computer-generated code have become more commonly used in recent years. But even thats not a match for todays bad actors.
Most of us in the industry have known for a long time that just a username and password is not secure enough, said Hormazd Romer, Vice President of Product Marketing at the internet security company, Yubico. As attackers have gotten more sophisticated and more real-time in their attacks, theyre even able to circumvent a lot of traditional multifactor authentication methods.
So, if the 27 passwords you have written down on that tiny little piece of paper in your desk drawer are no longer adequate, and even the increased security of the more labor-intensive multifactor authentication is not enough, how can our online accounts stay secure?
With the YubiKey, according to Romer. The flagship product of Yubico, the YubiKey is a piece of hardware that can be plugged into computers and other devices to log in to email, online services, apps, computers, and even physical spaces.
We recently spoke with Romer to learn more about the YubiKey, the technology behind it, and what makes it a superior authentication method.
Yubico was founded in Sweden in 2007 with the mission to make secure login easy and accessible to everyone, with one single authentication key that would work across multiple services.
YubiKey is the realization of this vision.
YubiKey is a physical device that plugs into the USB port of your computer or electronic device. There are different models of YubiKeys available for devices that use USB-A, USB-C, Lightning, and near-field-communication (NFC) technology.
The keys name conjures the notion of ubiquity on purpose, and the Japanese word yubi means finger, which is how users confirm their presence to the YubiKey.
At a high level, one of the key benefits of YubiKey is that it fits into a regular USB port of a computer and doesnt require any additional software or hardware, Romer said. Past solutions have required external card readers or other things you had to hook up to your computer, or required installing software.
Romer said all major browsers and platforms support YubiKey.
So that means as soon as you put your YubiKey into the USB port, the platform itself detects it and the browser says, Oh, this is a security key, now I can use it, he said.
Romer said the company offers two different form factors users can choose from, based on their preference.
One is what we call a keychain model, which is the size of, or smaller than, a typical house key, he said. And it has a little key chip holder in it, and you carry it with you on your keychain. Its portable and goes from computer to computer, and you always have it on your person as long as you have your keys with you.
The other version is the nano form factor which is geared toward convenience, Romer said.
Its for when youre typically working from a single computer all day long, and you need to log in multiple times a day, he said. This is a tiny, tiny thing thats kind of just a little nub sticking out, once you put into the USB port out of your computer. And to log in, all you have to do is tap it.
Romer said most users prefer to have one of each type of YubiKey.
The devices can also be used with mobile phones that support NFC technology.
To use the YubiKey, users first must go to the security settings of their account and select two-factor authentication. Then, for computers, they insert the YubiKey into the USB port and touch the key to verify they are human and not a remote hacker.
For NFC-enabled phones, users just tap the YubiKey against the phone to complete authentication.
The YubiKey offers a variety of functions when it comes to security and authentication.
For example, it works with the FIDO U2F open authentication standard which enables strong two-factor authentication to hundreds of web-based applications, including Gmail, Salesforce, and Twitter. And the FIDO2 standard offers expanded authentication options like multifactor and passwordless authentication.
With YubiKey support for FIDO2, organizations can accelerate to the passwordless future without the need for any client software or drivers, according to the company website.
The YubiKey can also generate a one-time encrypted password for a single use.
YubiKeys technology also enables it to generate six- and eight-character passwords for logging into various services and provides support for offline validations as well. The YubiKey 5 Series also supports the same features found in smart cards that broker data exchanges.
The keys can also generate 38-character static passwords that are compatible for any application login. This is handy for legacy systems that are not able to use two-factor authentication.
The company details the features supported on each YubiKey model on its YubiKey comparison chart, available on the company website.
All of these functions, which exist within the tiny YubiKeys, directly support Yubicos mission of providing convenient ways to authenticate credentials and prevent sensitive information from being stolen.
The YubiKey works with hundreds of enterprise, developer and consumer applications, out of the box and with no client software, according to the company. Combined with leading password managers, social login and enterprise single sign-on systems the YubiKey enables secure access to millions of online services.
Romer said Yubico feels very good about all the support it has in the industry.
The crush- and water-resistant YubiKey has been successfully deployed by some of the largest tech, finance, and retail companies in the world, according to Yubico, and has millions of users in 160 countries.
Not only is YubiKey supported across Microsoft and Google applications, but the use of YubiKey is also mandatory for all Google employees.
Google began working with Yubico in 2009 when Google was increasingly the target of sophisticated cyberattacks that could circumvent traditional security measures.
We believe that by using this token weve raised the standard of security for our employees beyond what was commercially available, wrote Googles Director of Security Engineering Mayank Upadhyay on the Yubico website. The device works with Googles Web browser Chrome, and works very seamlessly for people in their day-to-day workflow here at Google.
Romer said these kinds of enterprise uses of YubiKey are very valuable to companies because there is so much at stake if a data breach occurs. Companies not only risk losing millions of dollars if infiltrated, but sensitive customer data can be accessed, and a companys reputation can be severely damaged.
Although YubiKey does not work with every single website or service, Romer said Yubico is continually working to increase its level of support. In the meantime, the company encourages potential users to search its online catalog to see if the service they want to use is currently supported.
Romer added that Yubico does not currently have any banks listed in its catalog, and the company encourages users to express their desire to use a YubiKey with their financial institutions.
Yubico is regularly engaged with service providers to broaden the YubiKey ecosystem, but we often hear that its the customer preference that is most influential, he said. Most product features and road maps are prioritized based on popular customer demands.
Romer said there is a lot of exciting work going into making convenient and secure passwordless authentication a reality.
Theres going to be even more innovation in that area, he said. I think that is the future. Everybody hates usernames and passwords. IT people hate passwords. Hackers love passwords, but everybody else hates them.
Romer said he believes the whole tech industry will be moving toward a world where users wont have to create a new password every time they create an account or sign up for a new service online.
- Common Internet of Things security pitfalls Urgent Comms - Urgent Communications - July 29th, 2020
- US starts work on making virtually unhackable internet a reality; All you need to know about Quantum Internet - The Financial Express - July 29th, 2020
- Internet Of Everything (IoE) Market Growth Analysis By Manufacturers, Regions, Types and Application Forecast - Market Research Posts - July 29th, 2020
- What are you giving away on social media? | IT PRO - IT PRO - July 29th, 2020
- Explained: Why is spyware, stalkerware gaining traction during the pandemic? - The Indian Express - July 29th, 2020
- Are we seeing the beginnings of an Indian internet? - Deccan Herald - July 29th, 2020
- What the Tech? Check Your Internet Security When Working from Home - Alabama News Network - July 27th, 2020
- Security of the internet is improving, but there is work to be done - Security Magazine - July 27th, 2020
- Outlook on the Internet Security Software Market to 2025 by Application, End-user and Geography - CueReport - July 27th, 2020
- U.S. Government Says Its Building A Virtually Unhackable Quantum Internet - Forbes - July 27th, 2020
- Amid 'heightened tensions,' US government issues warning to critical infrastructure providers - Utility Dive - July 27th, 2020
- The global Internet of Things (IoT) security market size is expected to grow from USD 12.5 billion in 2020 to USD 36.6 billion by 2025, at a Compound... - July 27th, 2020
- WISeKey to Showcase its Cybersecurity Solutions for Artificial Intelligence Used in Drones and Robots at SIDO 2020 - GlobeNewswire - July 27th, 2020
- Various Politicians, Companies, And Activists Are Targeted By A Secretive Industry - See How India Has Become A Hire-for-hack Place For Other... - July 27th, 2020
- Internet of Things (IoT) Security Product Market Forecasts and Opportunity Assessment Analysis 2019-2025 - Owned - July 27th, 2020
- ESET scores high in the Business Security Test 2020 - My Startup World - July 27th, 2020
- Global Internet of Things (IoT) Security Market 2020 Trends Analysis and Coronavirus (COVID-19) Effect Analysis | KEY PLAYERS MARKET WITH COVID-19... - July 27th, 2020
- The 12 Coolest AWS Tools Of 2020 (So Far) - CRN - July 27th, 2020
- Smart Home Market with COVID-19 Impact Analysis by Product, Software & Services, and Region - Global Forecast to 2025 - GlobeNewswire - July 27th, 2020
- MailVault ties up with BD Soft as the National Distributor, for the Indian Markets - CRN.in - July 27th, 2020
- WISeKey Appoints Ben Stump as Chief Revenue Officer to Drive the Next Phase of its Global Growth - GlobeNewswire - July 27th, 2020
- 4G internet not a security concern, no objection restoring it: JK admin tells Centre - The Kashmir Walla - July 27th, 2020
- This Is a Good Time to Buy Fastly Stock on the Dip - InvestorPlace - July 27th, 2020
- How firms are keeping staff and secrets safe from hackers now everyone is working remotely - CNBC - July 27th, 2020
- Cloudflare goes down, and takes the internet's security blanket with it - Mashable - July 23rd, 2020
- Should You Connect Your Brain to the Internet? - Security Boulevard - July 23rd, 2020
- Global Internet Security Market Growth Rate and Opportunities By 2025 With COVID-19 Outbreak, Top Players: HPE, IBM, Intel, Symantec, AlienVault,... - July 23rd, 2020
- Global Internet Security Market 2020 Growth Rate, Gross Margin, Competitive Situation and Trends, Forecast To 2026 - 3rd Watch News - July 23rd, 2020
- How Coronavirus Pandemic Will Impact Internet Security Software Market Size, Growth Opportunitis, Current trends, Forecast By 2026 - 3rd Watch News - July 23rd, 2020
- IT Security Consulting Services Market 2020: Potential Growth, Challenges, and Know the Companies List Could Potentially Benefit or Loose out From the... - July 23rd, 2020
- Scammers prey on Coronavirus fears - The Tomahawk - July 23rd, 2020
- Popular Chinese-Made Drone Is Found to Have Security Weakness - The New York Times - July 23rd, 2020
- Internet of Things (IoT) Security Marketplace 2020-2025 - Google, Cisco, IBM, and Intel Leading the IoT Revolution - WFMZ Allentown - July 23rd, 2020
- Digital culture in the age of COVID-19: Viral 'U' creators and politiktoks - The Michigan Daily - July 23rd, 2020
- Global IT Security Market 2025 To Expect Maximum Benefit and Growth Potential During this COVID 19 Outbreak During this COVID 19 Outbreak: Blue Coat,... - July 23rd, 2020
- Securing Travel and Transportation Operations - Security Intelligence - July 23rd, 2020
- Global Cloud DDoS Mitigation Software Market 2025 Potential Scope for Growth in This Pandamic : Amazon Web Services, Microsoft, Webroot, Google,... - July 23rd, 2020
- Internet of Things (IoT) Security Market Foresees Skyrocketing Growth in the Coming Years - Market Research Posts - July 23rd, 2020
- DDoS Protection Market 2020 | In-Depth Study On The Current State Of The Industry And Key Insights Of The Business Scenario By 2027 - Cole of Duty - July 23rd, 2020
- Exhaustive Study on DDoS Protection and Mitigation Market 2020 | Strategic Assessment by Top Players Akamai Technologies; Imperva; Radware - 3rd Watch... - July 23rd, 2020
- IT spending on Internet connectivity, security to rise in India: Report - Business Insider India - July 6th, 2020
- VPNs are the need-of-the-hour for safe and fast connections as we work-from-home - The Hindu - July 6th, 2020
- What is network security in the cloud computing era? - TechRadar - July 6th, 2020
- Revealed: How home router manufacturers dropped the ball on security - TechHive - July 6th, 2020
- Malaysia Internet of Things (IoT) Security Market Growth By Manufacturers, Type And Application, Forecast To 2026 - 3rd Watch News - July 6th, 2020
- Akamai Is an Overlooked Web Infrastructure Play. Its a Buy, Analyst Says. - Barron's - July 6th, 2020
- According to Latest Report on Internet of Things (IoT) Security Market to Grow with an Impressive CAGR - 3rd Watch News - July 6th, 2020
- Enterprise Firewall Market Overview and Regional Outlook with Research Study 2019 2026 - 3rd Watch News - July 6th, 2020
- How Have I Been Pwned became the keeper of the internets biggest data breaches - TechCrunch - July 6th, 2020
- Global Internet of Things (IoT) Security Market Trends, Opportunities, Key Players, Growth, Analysis, Outlook & Forecasts To 2026 - Daily Research... - July 6th, 2020
- WISeKey develops WIShelter Covid-19 secured smartphone app, using digital IDs and blockchain protocols, to certify users that are not infected with... - July 6th, 2020
- Cryptocurrencies Adding to the Safety and Security in the UK Gambling Industry - London Post - July 6th, 2020
- Voice recordings from domestic violence alerting app exposed on the internet - Security Boulevard - June 30th, 2020
- The lack of women in cybersecurity puts us all at greater risk - The Next Web - June 30th, 2020
- Cascading Security Through the Internet of Things Supply Chain - Lawfare - June 30th, 2020
- How to Build the Right Security Assessment - Security Boulevard - June 30th, 2020
- Apple may have just changed a key part of how the internet works - TechRadar - June 30th, 2020
- Indians most concerned about identity theft - Fortune India - June 30th, 2020
- Deeper Connect Mini: Decentralized, Private and Secure Internet for the People, launching June 30th on Indiegogo. - Yahoo Finance - June 30th, 2020
- Internet of Things (IoT) Security: Technologies and Global Markets - Yahoo Finance - June 30th, 2020
- Could Donald Trump claim a national security threat to shut down the internet? - Brookings Institution - June 30th, 2020
- Internet of Things Security Market Strategic Insights 2020 with analysis of Leading players: Check Point Security Software Technologies, Cisco... - June 30th, 2020
- Global IT Security Market is accounted for xx USD million in 2019 and is expected to reach xx USD million by 2025 growing at a CAGR of xx% : Blue... - June 30th, 2020
- Internet of Things (IoT) Security Market Size, Share, Growth, Revenue, Global Industry Analysis and Future Demand |Globalmarketers.biz - Cole of Duty - June 30th, 2020
- Surge in encrypted malware prompts warning about detection strategies - SecurityBrief Europe - June 30th, 2020
- NexTech AR to supply its video conferencing and virtual events platform to Dallas Independent School District - Proactive Investors UK - June 30th, 2020
- Dutch people are least concerned about safety, survey reveals - IamExpat in the Netherlands - June 30th, 2020
- Only 31% of Americans concerned with data security, despite 400% rise in cyberattacks - TechRepublic - June 24th, 2020
- WatchGuard Technologies Report Finds Two-Thirds of Malware is Encrypted, Invisible Without HTTPS Inspection - GlobeNewswire - June 24th, 2020
- How To Turn Off Firewall In Windows And Mac - Ubergizmo - June 24th, 2020
- OTF's Work Is Vital for a Free and Open Internet - EFF - June 24th, 2020
- Microsoft acquires CyberX to bolster Azure IoT security - Internet of Things News - IoT Tech News - June 24th, 2020
- Partner Content: ESET and Spire Technology on why you need a Password Manager - PCR-online.biz - June 24th, 2020
- Internet of Things (IoT) Security Market to Witness Robust Expansion Throughout the Forecast Period 2020 2025 - 3rd Watch News - June 24th, 2020
- Google is on a mission to stop you from reusing passwords - The Verge - June 24th, 2020
- Marking the 30th Anniversary of the Internet and Cybersecurity Treaty - CircleID - June 24th, 2020
- The Cyberlaw Podcast: Using the Internet to Cause Emotional Distress is a Felony? - Lawfare - June 24th, 2020
- DDoS Protection Market 2020 | How The Industry Will Witness Substantial Growth In The Upcoming Years | Exclusive Report By MRE - Cole of Duty - June 24th, 2020
- Julian Assange Extradition and the Freedom of Bitcoin Bitcoin... - Bitcoin Magazine - June 24th, 2020
- How to become a web developer? - The Tribune - June 24th, 2020