Why 2018 will be the year for authentication hardware

February 5, 2018 3 minute read

A journalist recently asked me why the world is seeing the return of hardware authentication. My response is that hardware actually never went away. Today, there is no more prevalent form of user verification than hardware. If there had been an easier and more secure way to deploy and revoke user credentials for billions of people, we would not have hardware SIM cards in our phones or chip credit cards in our wallets.

Security is all about minimizing attack surface and achieving separation. The recent Spectre and Meltdown attacks illustrated that it’s hard to achieve watertight separation between processes as systems become increasingly complex. General purpose computing devices that are connected to the internet have big attack surfaces, making them vulnerable to attacks from many fronts, including malware, phishing, malicious apps, Wifi exploits, VPN masking, and social engineering.

However, hardware security devices by themselves do not automatically make things more secure. Modern threats require stronger cryptography with a tighter integration to the applications they’re designed to protect. As a result, we will see increased awareness and adoption of hardware-based authentication and encryption devices using public key cryptography throughout 2018. These devices keep cryptographic information physically separated from the computing device they are connected to, dramatically minimizing the attack surface.

The benefits of using hardware authenticators go beyond just security. Users wanting to ensure privacy do not want to leave footprints that tie their identity to a particular device. Most mobile devices are controlled or monitored by the telecom or platform providers, collecting data about user activities. Furthermore, tying user identity to a device does not easily allow for multiple identities, such as separate identities for work and personal accounts, or being anonymous. Hardware authenticators, such as the YubiKey, do not require you to share any personal details of yourself to authenticate.

Additionally, there are enterprises who do not allow their employees to bring their phones to work, which makes mobile device based authentication inaccessible. In some geographic locations, there are regulations in place that prohibit companies from forcing employees to download business applications on personal computing devices.

Mobility is another important benefit of hardware-based authenticators. With your credentials tied to an integrated device, it can be difficult to move your login credentials between devices, as there is no seamless communication standard between all computers and mobile platform. Using a hardware authenticator with multiple communication methods solves this problem.

Finally, hardware authenticators offer significant benefits related to backups. Independent of what type of authentication technology selected, users will sooner or later lose, break, or reset their login devices. When organizations allow the use of multiple affordable hardware authenticators, one as a primary and others as backups, productive work will increase and support calls will decrease. A hardware authenticator, such as the YubiKey, can cost less than a support call, and a fraction of the expense of using a mobile phone.

Today, in 2018, Yubico and all leading browsers and platform providers are engaged in open standards work based on hardware and public key crypto across leading standards organizations, including the FIDO Alliance, W3C, IETF, and OpenID. We work together not as competitors, but as true leaders collaboratively driving the open standards that will stop the number one problem of IT security breaches for login, payments, IoT, and beyond: stolen user credentials.

Share this article:

Recommended content

Thumbnail

Combating ransomware attacks on your enterprise

What do a PC manufacturer, a meat supplier and a mental health clinic have in common? They have all been victims of ransomware attacks. They’re not alone. Ransomware attacks grew by over 485% in 2020, leveraging the new ransomware-as-a-service (RaaS) model of profit-sharing in exchange for ransomware tools.  One of the most infamous recent ransomware ...

Thumbnail

Top five pitfalls companies should avoid when rolling out a passwordless strategy

Given the number of breaches in the news today where passwords were at the root of the problem, many companies are now exploring the benefits of a secure passwordless future. Secure passwordless logins not only bring cost efficiencies and a more frictionless user login experience into the organization, but deliver the security that is necessary ...

Thumbnail

Built-in FIDO authenticators and YubiKeys are making the internet safer for all

In 2007, Yubico set out to protect as many people as possible by making secure login easy and available for everyone. We are happy Apple has joined Yubico, Google, and Microsoft on this journey by implementing W3C WebAuthn/FIDO compatible platform authenticators and are pleased to say that now all major platforms have adopted the standards ...

Thumbnail

Your Bridge to Passwordless: Key Considerations When Building a Secure Passwordless Strategy

Learn about the key considerations to take into account when determining your path to passwordless, so that you can enhance organizational security while delivering users a fast and easy user experience.