Code Enigma deploys fast, secure, and easy authentication with YubiKey

Protecting customer and proprietary data

Code Enigma is known for its expertise in Drupal and custom, high-level service with maximum security. As an ISO 27001:2013 certified company, Code Enigma is committed to continually improving their information security, including authentication. As part of the company’s ongoing security efforts, Code Enigma wanted to implement physical two-factor authentication (2FA) to secure access to sensitive data such as customer information and proprietary code.

Code Enigma specifically needed a more secure way to enable Drupal authentication for customers, protect access to the client dashboard, and secure SSH and sudo access on the production servers, which run Debian Linux. A requirement was also to enable 2FA without the need for customers or employees to use their own cell phone or buy their own equipment. The solution also needed to be affordable and easy to procure and ship. The company chose the YubiKey because it met all of their requirements for flexibility, affordability, and ease-of-use.

“Integrating with applications was really simple — we practically haven’t had to write any code. Instead we just pick up the open-source pieces already out there and deploy them appropriately.”

Enabling secure and easy 2FA without requiring a personal device

Code Enigma uses the YubiKey in two ways. Firstly, Yubico OTP technology is used as an authentication credential. Secondly, the YubiKey provides employees with an alternative to Google Authenticator, particularly when employees do not want to use personal cell phones for work. Because the YubiKey has two memory slots, Code Enigma configures Slot 1 to use their own YubiOTP server to authenticate and the other for a TOTP credential as used by Google Authenticator for logging into Google Apps.

Not only was Code Enigma happy with the YubiKey experience itself, the company was highly encouraged by the fact that Yubico led the development of the FIDO U2F standard. In addition, because Yubico software is open-sourced, it allows Code Enigma to manage the YubiKey deployment within the organization without relying heavily on proprietary software.

“Integrating with applications was really simple — we practically haven’t had to write any code. Instead we just pick up the open-source pieces already out there and deploy them appropriately,” said Greg Harvey, Director at Code Enigma.

The YubiKey wins over customers and employees

According to Harvey, customers and employees have been thrilled with the YubiKey experience. “Feedback has been very positive. For one, customers are impressed we have this second factor and give out the devices for free. When they get them, the first comment is how small YubiKeys are. People are used to these enormous fobs with LCD screens, but a standard YubiKey is tiny in comparison. And the Nano is even smaller than a thumbnail.”

In addition to the convenient form factor, users love the authentication experience. “We keep hearing how nice it is to just press a button and not have to read anything off a screen and enter it. Users love it — clients and staff alike. It’s a massive win over other devices for user experience,” said Harvey. As a result, Code Enigma is planning to expand the YubiKey implementation to their ticketing and code management systems as well.