“The best way to predict the future is to invent it.”
— Alan Kay, American computer scientist
In 2012, shortly after Yubico’s CTO and I had moved from Stockholm to Silicon Valley, we were invited to a meeting at Google’s headquarters. We were nine people, from seven different countries, who had gathered around a conference table to determine if our ideas for simplified public key crypto had merit. None of us was really sure at the time if they did, but we all agreed it was worth trying.
It is now 2016, and with U2F, the technical details that were discussed in the conference room, have been proven to work at scale. And U2F is just one of many solutions that has unfolded during this time. Four years ago, the YubiKey was basically a one-time password device. Today, it’s the Swiss Army Knife of authentication and cryptographic functions, including Yubico OTP, static password, challenge-response, OATH, PIV, NFC, OpenPGP, PKCS#11, and touch-to-sign — all in one tiny 3-gram device!
During those four years, Yubico has increased sales ten-fold, earned profits, won eight of the top 10 internet brands and 20% of the Fortune 100 companies as customers. The largest brands and forward-thinking organizations know that it is not a matter of if, but when, their passwords, computing devices, and servers will be hacked. They now also store their encryption secrets locally, not at the security vendor.
Going forward, we see evolution and innovation rooted in three primary areas:
Users have, and will continue to combine, computers and mobile devices into a single computing experience. Authentication and encryption solutions need to work across all these devices. So, in addition to USB and NFC, we will be adding Bluetooth support in YubiKeys. U2F crypto will eventually be integrated into security chips in phones and mobile apps, as an alternative security complementary to YubiKeys.
Building identity and strong authentication to operate at internet scale requires open standards, and the winning solutions will have built-in support in leading platforms and browsers. To help define this path, Yubico is a member of the open standards organizations W3C, OIX, FIDO, and IDESG.
Beyond strengthening authentication to resources, companies need to protect the integrity of servers, computer code, and cryptographic secrets — with simple and portable security modules. To eventually serve all users and servers, Yubico will continue to develop cryptographic functions for the YubiKey and YubiHSM.