Freedom of the Press Secures Free Speech with the YubiKey

Smart cards replaced with YubiKeys.

Industry

News / Media

Protocols

U2F, PGP

Products

YubiKey 4

Deployment

Staff and Journalists

Download Case Study

About Freedom of the Press Foundation

The Freedom of the Press Foundation (FPF) is a 501(c)(3) non-profit organization founded in 2012 to fund and support free speech and freedom of the press. The organization’s main objective is to protect and defend adversarial journalism in the 21st century. FPF uses crowdfunding, digital security, and Internet advocacy to support journalists and whistleblowers worldwide.



The need for highly secure, reliable, durable hardware authentication

At FPF, all employees are now required to enable two-factor authentication (2FA) on all accounts. The goal is to not only secure interoffice communications, but also protect the confidentiality and integrity of information sources.

To provide secure account access, the organization used to rely on smart cards, but the original hardware broke easily and other options were too bulky, brittle, and expensive to replace. As a result, the organization wanted a hardware solution that was durable, easy to deploy, and affordable enough to purchase backup options.

“YubiKey was the ideal solution because it’s really helpful to have multiple YubiKeys for a variety of purposes, including a backup key. Affordable prices made that possible for us,” said Harlo Holmes, Director of Newsroom Digital Security, Freedom of the Press Foundation.


“YubiKeys have become an integral part of the Freedom of the Press Foundation. From helping secure interoffice communications, to training journalists with varying degrees of technical savvy, YubiKeys have revolutionized how we advocate for, educate on, and soundly practice end-user digital security.”

— Harlo Holmes, Director of Newsroom Digital Security, Freedom of the Press Foundation


YubiKeys help journalists protect the confidentiality of their sources

All FPF staff have now replaced their original smart cards with YubiKeys that support both U2F and GNU Privacy Guard (GPG) authentication for multiple types of accounts. For instance, many of the FPF staff now use YubiKeys as the second factor for SecureDrop, an open-source software platform that secures communication between journalists and their sources. This ensures FPF journalists can quickly access their digital accounts while ensuring the confidentiality of their sources.

The transition from smart card to YubiKey two factor authentication was fast and easy with support from Yubico. FPP took advantage of Yubico support to quickly resolve questions regarding usage during deployment. As Holmes concluded, “This transparency and accessibility goes a long way in establishing trust in the company.”



Simplifying digital security in a complex world

Overall, the YubiKey deployment has been a big success. According to Holmes, “Journalists really love their YubiKeys. The vast majority of our trainees have been using it for U2F, and they love it because it’s incredibly easy. U2F works out of the box so nothing was necessary to get started there. YubiKeys also work very well with ‘dumb phone’ users, older users, and people who are less technically savvy. The physicality of the object seems to give them more confidence that they, too, can be more digitally secure, even when the digital world seems hard to navigate.”