About Code Enigma
Code Enigma is one of the leading Drupal specialist companies in Europe. Operating since 2010, and with an expert team spread around the world, Code Enigma offers a full project lifecycle of services. They range from initial consultancy through to responsive design, Drupal website development, ongoing training, support, content strategy and a full suite of Drupal hosting solutions.
All quotes by Greg Harvey, Director, Code Enigma.
Deploying Strong Authentication
Code Enigma hosts PHP applications for a living, mostly Drupal websites. The company provides a superior service to most hosting companies because of their expert knowledge and investment in technology. Customers understand the value, and Code Enigma is always looking to differentiate further — to remain “best of breed” for people who want real custom, high-level service with maximum security. Being ISO 27001:2013 certified, they have a commitment to continually improve their information security, including authentication. For Code Enigma, physical two-factor authentication (2FA) was the obvious next step, and after a ton of research, they decided YubiKeys were the way forward.
“We use the YubiKey pretty much everywhere! We’re rolling it out for Drupal authentication, already using it to secure SSH and ‘sudo’ on all our production servers (which are all running Debian Linux), we’re implementing it in our client dashboard and we’re planning to continue the implementation to cover ticketing and code management systems as well.”
Choosing the YubiKey for Two-Factor Authentication
“We chose the YubiKey for a number of reasons really. First, the devices themselves are pretty cool, there are a range of options, even NFC with the NEOs, and they go on your key ring. Mine is on my key ring and it doesn’t impede me at all, plus it’s tough enough to take living alongside a pocket full of change.”
Secondly, for Code Enigma, support for open standards is something they live and breathe, and to see Yubico sharing the same values is encouraging — the fact Yubico is so involved in FIDO, U2F development, etc. gives the company great confidence in a choice that is future-proof. Third, the fact all the Yubico software was open sourced, allowing Code Enigma to stand alone and run their own infrastructure.
“We felt it was a bit unprofessional to say to our customers “we do 2FA, but you have to use your own cell phone or buy your own equipment”, so we wanted something we could easily buy and ship to people to say “this is your Code Enigma 2FA device”, and the YubiKey is a great solution for permitting that in an affordable way.”
Integrating the YubiKey
Code Enigma uses YubiKeys in two ways, the first is using the Yubico OTP technology (a YubiOTP Credential) and the second is to provide an alternative to Google Authenticator for their staff, especially if they don’t want to use their personal cell phones for work. Because standard YubiKeys have two memory slots, Code Enigma configures Slot 1 to use their own YubiOTP server to authenticate and the other for a TOTP credential as used by Google Authenticator for logging into Google Apps.
“Integrating with applications was really simple. Some examples that leap out are there’s already a Drupal module, our client dashboard is built on Symfony and there was already a “bundle” for that, there’s a PAM module for Linux authentication — we practically haven’t had to write any code! Just pick up the open source pieces already out there and deploy them appropriately.”
User Experience and Feedback
“Feedback has been very positive. For one, customers are impressed we have this second factor and give out the devices for free — limited to two per client. When they get them, the first comment is how small YubiKeys are! People are used to these enormous fobs with LCD screens, a standard YubiKey is tiny in comparison, never mind the Nano, which is smaller than my thumbnail.”
“The second comment is how nice it is to just press a button and not have to read anything off a screen and enter it. One touch and you’re done is really nice, users love it, clients and staff alike. It’s a massive win over other devices for user experience, but we do like to make sure users aren’t putting them in upside down the first time they use it.”
Working with Yubico
“We haven’t really had too much direct interaction, because everything is self-service and just worked! Give us quality hardware and software, with good documentation that works as advertised and we’re happy. When we order a batch of YubiKeys they always arrive on time, without error, which you expect from every vendor, but it isn’t a given.”
“Yubico clearly cares about their users. I wrote one blog post about implementing YubiKeys and here we are being invited to write a case study. It’s nice they keep an eye on the people who use their products and want to engage with us, I’m really impressed.”
Find out more about YubiKey for Businesses