What if there was a key for the laptop that you can use to easily log into the laptop and various systems? There is now a solution for exactly that. The so-called Yubikey fits on every bunch of keys and improves security when logging in through hardware-based authentication.
Anyone who works with digital data that contains sensitive information must protect it adequately. There are many vulnerabilities and hackers can also spy out, intercept or crack well-chosen passwords. In addition to password-protected log-in data, there are other ways to protect online accounts, computers and even smartphones. Two-factor authentication, for example, is ideal for this. An app is also often used to generate a one-time password (OTR). Sending SMS with a code is often popular with banks, but it is cumbersome. The “Yubikey” from the company Yubico is therefore intended to simplify the authentication process as easy-to-use hardware.
A USB stick as an alternative to the password
The pinnacle of two-factor authentication are USB sticks that offer various authentication and cryptographic protocols. Different variants are offered to provide access to computers, networks and online services.
The Yubico company uses well-known open source software such as Open-PGP 3, U2F or OTP for its Yubikeys and can be used for all major operating systems. The head of the US company, Stina Ehrensvärd, wants her security product to be cross-platform. Solutions are therefore available for Microsoft Windows, macOS, Android and Linux. Despite the use of open software, the Yubikey is a closed system and does not disclose its programming code. An independent check for vulnerabilities is therefore not possible.
How does the Yubikey work?
The Yubikey is intended to make it difficult for hackers to gain access to laptops and computer systems. Because to log into the systems, the physical key is required instead of a hackable password. The sticks therefore have different interfaces such as USB-A, USB-C and Lightning. An NFC interface is also integrated, with which devices without one of the connections can be legitimized by hanging up. Thus, the Yubikey can be used for laptops, computers and even smartphones.
With NFC-enabled smartphones, it is sufficient to insert the USB stick for complete authentication. Stolen login data or hijacked apps are no longer sufficient to access a system.
Google, Facebook and Microsoft are there
Some technology companies and large banks already use the security key for their employees. Including the most well-known Internet companies such as Google, Twitter and Microsoft. Facebook and Dropbox also use personal account protection technology.
According to Yubico, Google was able to analyze that after the delivery of 50,000 security sticks in 70 countries, the company’s own password support could be reduced by 92 percent. Large tech companies struggle to spend thousands of hours a year solving their employees’ password problems. The physical USB stick prevents problems such as repeatedly entering the wrong password and possible account lockout.
Safety sticks offer a multitude of variations
Depending on the model, there are various possible uses for the Yubikeys. They can be used for one-time passwords (OTP), which the stick sends directly to the respective operating system when it is plugged in. The OTP procedure traditionally requires a user name and password to be entered.
Another option is the so-called Yubikey smart card, which logs into the system via interfaces and legitimizes it using a PIN entered by the user. This type of access is used in military installations and the US Department of Defense to secure buildings and systems.
The Yubikey also supports the FIDO U2F protocol, which is available in different versions. In principle, the key stick is used after entering a user name and password and only then unlocks the system. However, there is also the option of accessing a system with the key without a password.
In addition, Yubico uses passwordless authentication with FIDO2 for its stick. The main aim is to cover other use cases that run without a password. For example, the company also offers Yubikeys, which enable authentication with fingerprint sensors. To do this, however, users must enter biometric data.
Also read: Federal agency tests security features of iPhone and iPad – these are the results
Will login without a password work in the future?
Until now, two-factor authentication has mainly been used to provide additional security for password-protected accounts. However, Yubico also offers USB sticks that do not use passwords at all. This could solve some known user password issues in the future. In the passwordless version, the Yubikeys can be secured using the biometric features of the user or a PIN. But especially for people who do not want to save biometric data, this simpler option is not applicable. Which variant the user chooses depends on the importance of the information or data on a computer system. The safest option is to additionally secure your password with the hardware-based key.
Sources
- Yubicoaccessed 10/13/22.