In a Nutshell: Anybody using a computer or mobile device has created a username or password at some point. For years, this has been the standard for online security and authentication, but experts say this approach is no longer sufficient. YubiKey, from Yubico, is a multifactor authentication product that boosts authentication security while maintaining convenience for its users. The YubiKey simply plugs into a USB port or uses near-field-communication technology for supported smartphones, and users can touch the key with their finger and gain access to hundreds of applications and sites. Google and Microsoft support YubiKey, and Google employees are even required to use it on the job.
If youre reading this, youre most likely using a computer or a mobile electronic device. And if youre using one of those things, then youve likely had to create a password or two in your day. Or 27, which is how many discrete login passwords the average person has, according to a 2016 Intel Security poll.
But, with the numerous high-profile security breaches in recent years and more sophisticated technology available to hackers, some are saying its time to log off from using passwords to protect our accounts.
Now, growing numbers of security experts feel that the password in its common form is too old and unsophisticated for the job, according to a Washington Post article titled The Secret Password IsObsolete from 1994.
Multifactor authentication in which a user must present two forms of identification, such as a password and a one-time, computer-generated code have become more commonly used in recent years. But even thats not a match for todays bad actors.
Most of us in the industry have known for a long time that just a username and password is not secure enough, said Hormazd Romer, Vice President of Product Marketing at the internet security company, Yubico. As attackers have gotten more sophisticated and more real-time in their attacks, theyre even able to circumvent a lot of traditional multifactor authentication methods.
So, if the 27 passwords you have written down on that tiny little piece of paper in your desk drawer are no longer adequate, and even the increased security of the more labor-intensive multifactor authentication is not enough, how can our online accounts stay secure?
With the YubiKey, according to Romer. The flagship product of Yubico, the YubiKey is a piece of hardware that can be plugged into computers and other devices to log in to email, online services, apps, computers, and even physical spaces.
We recently spoke with Romer to learn more about the YubiKey, the technology behind it, and what makes it a superior authentication method.
Yubico was founded in Sweden in 2007 with the mission to make secure login easy and accessible to everyone, with one single authentication key that would work across multiple services.
YubiKey is the realization of this vision.
YubiKey is a physical device that plugs into the USB port of your computer or electronic device. There are different models of YubiKeys available for devices that use USB-A, USB-C, Lightning, and near-field-communication (NFC) technology.
The keys name conjures the notion of ubiquity on purpose, and the Japanese word yubi means finger, which is how users confirm their presence to the YubiKey.
At a high level, one of the key benefits of YubiKey is that it fits into a regular USB port of a computer and doesnt require any additional software or hardware, Romer said. Past solutions have required external card readers or other things you had to hook up to your computer, or required installing software.
Romer said all major browsers and platforms support YubiKey.
So that means as soon as you put your YubiKey into the USB port, the platform itself detects it and the browser says, Oh, this is a security key, now I can use it, he said.
Romer said the company offers two different form factors users can choose from, based on their preference.
One is what we call a keychain model, which is the size of, or smaller than, a typical house key, he said. And it has a little key chip holder in it, and you carry it with you on your keychain. Its portable and goes from computer to computer, and you always have it on your person as long as you have your keys with you.
The other version is the nano form factor which is geared toward convenience, Romer said.
Its for when youre typically working from a single computer all day long, and you need to log in multiple times a day, he said. This is a tiny, tiny thing thats kind of just a little nub sticking out, once you put into the USB port out of your computer. And to log in, all you have to do is tap it.
Romer said most users prefer to have one of each type of YubiKey.
The devices can also be used with mobile phones that support NFC technology.
To use the YubiKey, users first must go to the security settings of their account and select two-factor authentication. Then, for computers, they insert the YubiKey into the USB port and touch the key to verify they are human and not a remote hacker.
For NFC-enabled phones, users just tap the YubiKey against the phone to complete authentication.
The YubiKey offers a variety of functions when it comes to security and authentication.
For example, it works with the FIDO U2F open authentication standard which enables strong two-factor authentication to hundreds of web-based applications, including Gmail, Salesforce, and Twitter. And the FIDO2 standard offers expanded authentication options like multifactor and passwordless authentication.
With YubiKey support for FIDO2, organizations can accelerate to the passwordless future without the need for any client software or drivers, according to the company website.
The YubiKey can also generate a one-time encrypted password for a single use.
YubiKeys technology also enables it to generate six- and eight-character passwords for logging into various services and provides support for offline validations as well. The YubiKey 5 Series also supports the same features found in smart cards that broker data exchanges.
The keys can also generate 38-character static passwords that are compatible for any application login. This is handy for legacy systems that are not able to use two-factor authentication.
The company details the features supported on each YubiKey model on its YubiKey comparison chart, available on the company website.
All of these functions, which exist within the tiny YubiKeys, directly support Yubicos mission of providing convenient ways to authenticate credentials and prevent sensitive information from being stolen.
The YubiKey works with hundreds of enterprise, developer and consumer applications, out of the box and with no client software, according to the company. Combined with leading password managers, social login and enterprise single sign-on systems the YubiKey enables secure access to millions of online services.
Romer said Yubico feels very good about all the support it has in the industry.
The crush- and water-resistant YubiKey has been successfully deployed by some of the largest tech, finance, and retail companies in the world, according to Yubico, and has millions of users in 160 countries.
Not only is YubiKey supported across Microsoft and Google applications, but the use of YubiKey is also mandatory for all Google employees.
Google began working with Yubico in 2009 when Google was increasingly the target of sophisticated cyberattacks that could circumvent traditional security measures.
We believe that by using this token weve raised the standard of security for our employees beyond what was commercially available, wrote Googles Director of Security Engineering Mayank Upadhyay on the Yubico website. The device works with Googles Web browser Chrome, and works very seamlessly for people in their day-to-day workflow here at Google.
Romer said these kinds of enterprise uses of YubiKey are very valuable to companies because there is so much at stake if a data breach occurs. Companies not only risk losing millions of dollars if infiltrated, but sensitive customer data can be accessed, and a companys reputation can be severely damaged.
Although YubiKey does not work with every single website or service, Romer said Yubico is continually working to increase its level of support. In the meantime, the company encourages potential users to search its online catalog to see if the service they want to use is currently supported.
Romer added that Yubico does not currently have any banks listed in its catalog, and the company encourages users to express their desire to use a YubiKey with their financial institutions.
Yubico is regularly engaged with service providers to broaden the YubiKey ecosystem, but we often hear that its the customer preference that is most influential, he said. Most product features and road maps are prioritized based on popular customer demands.
Romer said there is a lot of exciting work going into making convenient and secure passwordless authentication a reality.
Theres going to be even more innovation in that area, he said. I think that is the future. Everybody hates usernames and passwords. IT people hate passwords. Hackers love passwords, but everybody else hates them.
Romer said he believes the whole tech industry will be moving toward a world where users wont have to create a new password every time they create an account or sign up for a new service online.
- Internet Security Market to Reap Excessive Revenues by 2026 Dagoretti News - Dagoretti News - January 19th, 2020
- How to Secure Your Windows 7 PC in 2020 - How-To Geek - January 19th, 2020
- Security fears saw nearly half of Europe use the internet less during 2018 - The Brussels Times - January 19th, 2020
- Senate Passes Legislation to Help Boost and Secure the Internet of Things - Nextgov - January 19th, 2020
- Internet of Things presents the next frontier of cyberattacks - ITProPortal - January 19th, 2020
- Ooma Improves on Phone and Home Security with New Products for Cord Cutters - Cord Cutters News, LLC - January 19th, 2020
- Windows 7 computers will no longer be patched after today - Naked Security - January 19th, 2020
- How the Trump administration is secretly assisting Iranian protesters - Washington Examiner - January 19th, 2020
- Iowa results will be compiled over the internet, hacking threat aside - The Fulcrum - January 19th, 2020
- Interview with Jordan Blake on the potential of behavioural biometrics - The Paypers - January 19th, 2020
- Cyren (NASDAQ:CYRN) Stock Rating Lowered by Zacks Investment Research - Riverton Roll - January 19th, 2020
- Password Managers: What Are They & How to Use Them? - TechAcute - January 19th, 2020
- EZVIZ C6CN pan-and-tilt security camera review: Motion tracking keeps intruder in this camera's sights - TechHive - January 19th, 2020
- New Year, new gadgets? Five ways to keep your new devices safe from hackers, cyber attacks and malware - ZDNet - January 6th, 2020
- BlackBerry Collaborating with Amazon Web Services to Demonstrate Safe, Secure, and Intelligent Connected Vehicle Software Platform for In-Vehicle... - January 6th, 2020
- Internet of Things security firm Armis in talks to be acquired -media - Nasdaq - January 6th, 2020
- The Internet of Things: how safe are your smart devices? - Spectator.co.uk - January 6th, 2020
- Beset by lawsuits over poor security protections, Ring rolls out 'privacy dashboard' for its creepy surveillance cams, immediately takes heat - The... - January 6th, 2020
- Start the new year, and new decade, by making your slice of the internet more secure - Times Colonist - January 6th, 2020
- Industrial Internet Consortium teams up with blockchain-focused security group - Network World - January 5th, 2020
- Russia Takes a Big Step Toward Internet Isolation - WIRED - January 5th, 2020
- 'This Is the Beginning': Hackers Claiming to Be from Iran Take Over U.S. Government Website - PJ Media - January 5th, 2020
- Virus-Crippled Travelex Was Running Windows 8, RDP Connected to Internet - Computer Business Review - January 5th, 2020
- From the archives: Top ten WSU stories of the decade - - The Wright State Guardian - January 5th, 2020
- Down Over 30% Since August, Is Recent IPO Fastly a Buy for 2020? - The Motley Fool - January 5th, 2020
- North Dakota's building a cybersecurity operations center and everyone's invited - StateScoop - January 5th, 2020
- Quid Pro Quo the truth | Opinion - Kingstree News - January 5th, 2020
- All You Need to Know About Indias First Data Protection Bill - CISO MAG - January 5th, 2020
- Start the new year, and new decade, by making your slice of the internet more secure - SaultOnline.com - January 5th, 2020
- Cheetah Mobile (NYSE:CMCM) Stock Rating Lowered by Zacks Investment Research - Riverton Roll - January 5th, 2020
- The Army Bans TikTok - WIRED - January 5th, 2020
- Acer Introduces New TravelMate P6, a Durable and Thin-and-Light Notebook for Mobile Professionals - PRNewswire - January 5th, 2020
- Know in Depth about Internet Security Software Market Trends, In-Depth Analysis and Forecast To 2026 | Symantec, McAfee, Trend Micro, AVG - AnalyticSP - December 31st, 2019
- Staying Out Of Trouble In 2020 With New Security Practices And Human Firewalls - Forbes - December 31st, 2019
- Expansion of the Internet Security Software Market is Forecasted to Reach at Very High Rate By 2026 - Market Research Sheets - December 31st, 2019
- Bangladesh shuts down internet along India's border 'for the sake of the countrys security in the current cir - Business Insider India - December 31st, 2019
- The year in #StupidSecurity 2019's biggest security and privacy blunders - The Daily Swig - December 31st, 2019
- Together with the community, weve given away more than 100,000 for important causes - Security Boulevard - December 31st, 2019
- The Most Dangerous People on the Internet This Decade - WIRED - December 31st, 2019
- The Top Security Stories of 2019, Part Two - Foreign Policy - December 31st, 2019
- About That IoT Device You Received as a Holiday Gift... - Security Intelligence - December 31st, 2019
- China nears completion of its GPS competitor, increasing the potential for Internet balkanization - TechCrunch - December 31st, 2019
- Best Android antivirus? The top 11 tools - CIO East Africa - December 31st, 2019
- 4 Ways to Make Security Training A Priority in Your Healthcare Organization - HIT Consultant - December 31st, 2019
- Beware of the Smart Device: Ways to Stay Private and Safe - The New York Times - December 31st, 2019
- A ton of Ruckus wireless routers are vulnerable to hackers - TechCrunch - December 31st, 2019
- The MS-ISAC Helps State and Local Governments Boost Their Cybersecurity - StateTech Magazine - December 31st, 2019
- Discover Lafayette podcast with Rader Solutions' security team: Here are 9 tips to prevent data breaches - The Advocate - December 31st, 2019
- #SocialSec Hot takes on this week's biggest cybersecurity news (Dec 27) - The Daily Swig - December 31st, 2019
- Ookla Adds Free VPN To It's Speedtest App For iOS And Android - Techworm - December 31st, 2019
- How to Keep a Security Breach Out of your Internet-Connected Stocking this Christmas - Forbes - December 13th, 2019
- Internet Security Market: Deep Analysis by Production Overview and Insights 2019-2025 - Drnewsindustry - December 13th, 2019
- The Great $50M African IP Address Heist - Krebs on Security - December 13th, 2019
- Avast announces cybersecurity predictions for 2020, expects rise in mobile scams and IoT Malware - Gadgets Now - December 13th, 2019
- Office and Penetration Testing Software Increasingly Becoming Vectors for Malware - Campus Technology - December 13th, 2019
- Network attacks increased in third quarter, WatchGuard says - TechRepublic - December 13th, 2019
- What is a VPN Used for on Android? - eTurboNews | Trends | Travel News - December 13th, 2019
- Pulse Secure Partners with Nozomi Networks in IT-OT Convergence Play - Channel Futures - December 13th, 2019
- 2 Dead in Protests Over Indias Religion-Based Citizenship Bill - The New York Times - December 13th, 2019
- RIPE NCC and TRA hold roundtable in UAE on government role in Internet - Intelligent CIO ME - December 13th, 2019
- Global and Regional IT Security Market 2019 by Manufacturers, Countries, Type and Application, Forecast to 2025 - Industry PressRelease - December 13th, 2019
- How do Cypriots spend their time on the Internet? - In-Cyprus.com - December 13th, 2019
- CipherCloud and Thales Collaborate to Support Zero Trust Data Access - Business Wire - December 13th, 2019
- Malware variety grows by 13.7 percent in 2019 due to web skimmers - Eagle Online - December 13th, 2019
- Installing a Fake Internet with INetSim and PolarProxy - Security Boulevard - December 10th, 2019
- China to ban all American-made hardware and software in government and public offices - ConsumerAffairs - December 10th, 2019
- TLS 1.3 Is Coming: Here's What You Need To Know To Be Prepared For It - Forbes - December 10th, 2019
- Global Internet Security Market 2019 by Manufacturers, Countries, Type and Application, Forecast to 2025 - Breaking News Updates - December 10th, 2019
- Now, keep your data safe in a private, digital home on the internet, thanks to this tech startup - YourStory - December 10th, 2019
- Red Balloon Security Partners with Siemens to Deliver Cybersecurity to Building Automation Systems - Business Wire - December 10th, 2019
- Internet of Things (IoT) Security Product Market Expected to Deliver Dynamic Progression until 2028| Cisco Systems Inc - Global Market News 24 - December 10th, 2019
- Global IT Security Spending in Government Market 2018 Check Point Software Technologies, Cisco Systems, Fortinet - The Industry Press Releases - December 10th, 2019
- Poor Conducts By Avast Antivirus Review: Is Avast Good? - The Daily Sound - December 10th, 2019
- Global IT Security Spending Market 2018 Check Point Software Technologies, Cisco Systems, EMC, Fortinet, Juniper Networks - The Industry Press... - December 10th, 2019
- Global IT Security Spending in Government Market 2019 by Manufacturers, Countries, Type and Application, Forecast to 2025 - The Industry Press... - December 10th, 2019
- Internet security Market 2019 Business Growth, Size and Comprehensive Research Study Forecast to 2026 - Montana Ledger - December 9th, 2019
- $200,000 Internet Fraud: Will Anyone Investigate? - BankInfoSecurity.com - December 9th, 2019
- Will Your Small Business Withstand A Cyberattack? - Forbes - December 9th, 2019
- Analysis of the Greater China Secure Content Management Market 2018-2019 - Forecast to 2023 - ResearchAndMarkets.com - Business Wire - December 8th, 2019
- TikTok is the best place on the internet. We should all delete it - CNET - December 8th, 2019