White paper: Bridge to Passwordless best practices
The one thing end-users don’t seem to have over hackers these days is an edge.
Yubico is changing that.
Today, we introduce a new key we’ve dubbed the YubiKey Edge. The goal is a cost-effective key with a collection of second-factor authentication options that guard against attacks on your accounts either via malware, phishing and other techniques. YubiKey Edge also includes an option to create a strong static password for use with apps and services that require a login but do not support one-time passwords.
YubiKey Edge, which comes in both the Standard and Nano format, includes the one-time password (OTP) features that are the foundation of YubiKeys, including Yubico OTP, OATH, and Challenge-Response. The OTP provides a secure 128-bit AES encrypted single-use password. The features work with apps such as Salesforce and LastPass.
In addition, we’ve added support for the FIDO Alliance’s Universal 2nd Factor (U2F) protocol, which provides easy-to-use public key cryptography.
YubiKey Edge shows itself as a USB keyboard when used in an OTP mode. There are two configuration “slots” on the key that are active at one time, which in essence turns the key into two keys in one. (A longer touch to the key activates the configuration in the second slot.)
For example, Slot 1 could be configured to provide a complex static password that replaces your traditional password. In Slot 1, the static password is activated with a quick touch to the key. Slot 2 could be configured with a second-factor OTP activated with a longer, multi-second touch of the key.
This configuration is easily achieved with a personalization tool available free from Yubico.
The static password can be used to replace your current password (just change your password using the “change password” feature of your app or service and when needed the Yubikey will enter the password you have configured).
This is only one example, the slots on the Yubikey can be a combination of any of the OTP or static password options.
On the U2F side, the key presents itself as an HID (Human Interface Device), similar to mice, game controllers and display devices that plug into USB ports. U2F works via the browser, with Google Chrome offering initial support and Mozilla’s Firefox under development. Gmail and other applications such as WordPress are supported, and additional U2F-compliant apps and services are in the queue for release by various vendors in the coming months.
U2F does not require any client software or drivers, and is available on every version of Yubikey except the YubiKey Standard and YubiKey Nano.
As part of the YubiKey Edge introduction, Yubico has released a new version of its NEO Manager that supports YubiKey Edge.