Yubico’s YubiKey — Hardware-Based Protection That Delivers Robust Security and Instant Multi-Factor Authentication With a Touch of a Finger

Yubico’s YubiKey — Hardware-Based Protection That Delivers Robust Security and Instant Multi-Factor Authentication With a Touch of a Finger

TL; DR: As news of data breaches and identity theft seems to hit the headlines daily, business and consumers are seeking better ways to keep their information safe. Enter Yubico — a provider of online security and authentication solutions. The company’s flagship product, YubiKey, offers hardware-based authentication in the form of one-time passwords, encryption, and the FIDO U2F protocol. We recently sat down with Yubico’s VP of Communications Ronnie Manning, who told us how YubiKey is delivering flexible authentication tech to safeguard businesses, remote workforces, and consumers alike.

Kate is part of a web development team for a wearable tech review site. As is the case with many startups, her company operates within thin profit margins. But one investment that always makes it into the budget is security to safeguard company and user data. As a result, Kate and her coworkers secure their email accounts and the company’s CMS with two-factor authentication. This adds an additional layer of protection when users sign into the network.

An increasingly common data security method, two-factor authentication can take the form of confirming one’s identity and account ownership via SMS-based passcodes. While effective, Kate’s team finds the process to be tedious and costly, especially in the event of a misplaced phone. But this all changed when Kate and her team stumbled across the new approach to authentication delivered by Yubico.

After reading about Yubico’s hardware-based authentication device, YubiKey, Kate and her coworkers quickly made the decision to adopt this interesting new technology. Two weeks later, the team’s morning business routine was completely changed.

Each day, prior to logging in, Kate simply grabs a thin USB device from her lanyard and plugs it into her laptop, which she brings from her home office. One tap on the device and a few clicks and keystrokes later, and she is securely logged in. As is the case with Kate’s web development team, many businesses benefit from two-factor authentication to keep their assets secure.

“There’s a massive need for two-factor authentication in the enterprise space, and we’re seeing it much more in our daily lives,” said Ronnie Manning, Yubico’s VP of Communications.

The Advantages of a Hardware-Based Approach to Authentication

Although two-factor authentication is often associated with email and SMS confirmations, its practice is much older and more common than one may expect. For example, when debit cards are swiped at an ATM or sales register, the person in its possession is then prompted to enter a personal identification number (PIN).

Assuming this PIN is not shared with anyone else, only the original cardholder would be able to authenticate their ownership. The use of PINs by banks has been in practice since 1967 when the first ATM was introduced.

“Two-factor authentication has been around for quite some time,” Ronnie said. “A lot of people may be doing it and not even realize that they are.”

Ronnie Manning's headshot and the Yubico logo

Yubico’s Ronnie Manning said YubiKey’s hardware-based authentication is more effective than SMS-based methods.

While traditional authentication methods are effective, they are far from foolproof. Breached phones and email accounts are a hot topic in today’s world because these attacks affect much more than just inboxes.

“SMS has depreciated as an authentication method for a number of reasons,” Ronnie said. “One is mobile hijacking, and also phishing attacks where people are able to get your information and mobile number.”

Criminals can access these accounts and cause further damage by accessing bank accounts, insurance records, and business assets. To circumvent these vulnerabilities, Yubico has put a unique spin on authentication with its hardware-based YubiKey solution. Similar to a smart card, YubiKey is one step ahead of popular mobile-based authentication methods and simply requires a physical tap to authenticate.

YubiKey is sold in several forms as keychain-sized and nano-sized USB-A devices, and also similar USB-C designs. Each design supports FIDO Universal 2nd Factor (U2F), one-time passwords, and a variety of additional authentication protocols. FIDO U2F generates unique key pairs based on public and private key cryptography, which are exclusive to each service or application login. The FIDO Alliance consists of more than 260 organizations and was created to address interoperability issues with authentication devices.

Reinforcing Remote Workforce Security Across Industries

As most enterprise-level software requires credentials to run, the login process is a major point of concern for any business. Today, nearly every industry uses some form of this software, whether it is modeling software for engineers, CRM software for retailers, or database software for banks and other important institutions.

In addition to padding data protection, YubiKey simplifies logins for users and lessens the number of support calls to IT departments.

“We really play across all industries and verticals — from large enterprise deployments to individuals who want to secure their own personal Gmail or Facebook accounts,” Ronnie said.

Among the industries that benefit most from hardware-based authentication are those in tech fields, as many of these businesses have remote or hybrid workforces. The pervasive bring-your-own-device (BYOD) trend in such niches means companies have a harder time securing devices outside the corporate office.

“Having remote workers, you are able to use YubiKey to secure their VPN logins,” Ronnie said. “You can give them to your employees, and they can protect their work accounts and their work-related logins. Then, they can take that same YubiKey home and protect their personal accounts.”

Flexible Authentication Technology For a Variety of Use Cases

YubiKey uses several protocols, such as FIDO U2F, OTP, and PIV, and is compatible with Windows, Mac, and Linux systems. As such, YubiKey is suitable for use with hundreds of online services, including Google, Dropbox, and Facebook.

Enhanced authentication through YubiKey makes the web safer for educators, developers, businesspeople, and personal users alike. Yubico’s product finder helps customers choose the solution that best suits their situation by answering questions related to technical prowess, industry, and usage.

Collage showing YubiKey family of products

YubiKey can be used by employees to safely access networks remotely or by users to log into personal web accounts.

U2F is the open-source authentication standard co-developed by Yubico and used most often by YubiKeys. Because it is open-source, the U2F protocol is flexible enough to be implemented into one’s own software or website.

“People build their own solutions for many different problems,” Ronnie said.

As an example, Ronnie cited the three-point seatbelt — originally developed by Volvo — as another success in safety due to open standard technology.

“This way, it’s better for everyone,” he said.

The Mission: To Safeguard the Web with Open Standards

YubiKey is available in a number of form factors, including the popular USB-A type, as well as Nano, which serves as a semi-permanent solution for users who need to authenticate more frequently. YubiKey is also available with NFC for mobile devices and the latest designed laptops, including Macbooks with USB-C ports. With the USB-C interface becoming more widespread, these additions are Yubico’s latest efforts to keep user security accessible to all.

As evidenced by its deep involvement in the development and continued use of the FIDO U2F protocol, Yubico is a company that supports open-source development and the advancement of technology that makes the web safer and easier to use. Aside from selling its own authentication technology, Yubico allows access to a variety of open-source software for developers to create their own personalized solutions.

“We have free and open-source software on our website that people can take if they want to implement Yubico OTP, U2F, and more on their own software or service,” Ronnie said.

This technology has been deployed by many major organizations, including Google, GitHub, and the UK government.

Founded in 2007, Yubico has accumulated offices across the globe. In just over a decade, the developer has amassed a number of awards, including several for it being a female-led company, headed by CEO and Founder, Stina Ehrensvard. Additional recognition includes five-star reviews from SC Magazine, a UK-based authority on threat intelligence.

Ronnie told us Yubico’s primary aim is to reinforce the safety of those online all over the world. And, with its pocket-sized YubiKey, Yubico is realizing that goal.

Sean Garrity

Questions or Comments? Ask Sean!

Ask a question and Sean will respond to you. We strive to provide the best advice on the net and we are here to help you in any way we can.