Welcome to the Future, It’s about to Get Really Interesting…

September 7, 2014 4 minute read

This week ushered in my start with Yubico and I couldn’t be happier to be a part of what is going on here. The challenge in any new job is that while your colleagues are at a full-on run, you’re still learning how to walk. But after five days, I do know I better catch up to them soon because the advancements and opportunities related to authentication technology are poised to come forward fast and furious.

Apple’s iPhone event next week is a hint at security and usability improvements that will spread across the industry. While Apple is initially focused on electronic payment transactions, you could easily swap in the word “authentication” for “payment” and get a picture of where things are going.

The new iPhone 6 by all accounts will show up with NFC support, which is sweet music to the electronic payment system folks. Why, because they can insert new levels of security and fraud protection leveraging the chip technology infrastructure without upsetting the familiar end-user experience of using the card. And they can do it without passing through software susceptible to malware.

They can provision shared secrets, thus protecting real credit card numbers throughout the transaction process and thwarting hackers via a scheme known as issuer tokenization.

“Now if someone steals transaction records from Home Depot, they get one-time numbers that are useless, it totally kills all these breaches,” said Steve Sidner, an independent security and payments consultant based in Omaha, Neb.

Chip-and-pin cards, well known in Europe and coming by mandate to the U.S. next year, are proof that the system works. (The devil in the details is the cost for swapping out current technology in POS systems and issuing new cards).

But the real sweet music to security wonks; there is virtually zero convenience/security trade off, which has always been the barrier to end-user entry.

That is a win for customers and vendors.

Take that same scenario, but think about an authentication transaction rather than a financial transaction. It works in a similar way but with a different flow. Think of a simple yet elegant hardware-based way to exchange public keys and private secrets, think of no software installs, think of a contactless device that wakes up your phone and announces it is there for a private conversation around strong user authentication.

Think of that same scenario with other contactless technologies.  Think of form factors from earrings to watches to clothing.

Major companies with a significant stake in online services and applications are certainly thinking about all that.  And they are poised to roll out first phases, not next year, but by the end of this one.

The FIDO Alliance is thinking about it and how to run it over a standard set of protocols — and, of course, the Alliance contains some of the same card issuers salivating over Apple joining the NFC device party with rival Android.

And I have been thinking about all this. That is one reason I am at Yubico trying to help get the message out about the potential for a major shift and a run at finally gaining a significant share of end-user acceptance for stronger security.

I wrote about this yesterday on my blog Identity Matters that runs on the technology web site ZDNet.

Pay attention to what happens next week within Apple’s initial limited NFC scope, but keep in mind the bulk of the benefits are more wide-spread and still to come.

I think the YubiKey is poised to fuel this market with its one-touch strong authentication.

The one thing that jumped out at me is when you insert the key into a USB port it looks like an external keyboard to your computer. So in essence strong authentication is added to your computer by including just one additional key to the 78 or so that are already on a typical computer keyboard.

Strong authentication delivered with a keystroke, likely one of the oldest and most understood end-user experience in computing. As just one example, the strong authentication experience is already familiar to scores of engineering teams, who securely log-in hundreds or thousands of times a day just by touching the one extra key.

That is cool. I’m really interested to see where all this can go.

Share this article:

Recommended content

Thumbnail

Yubico Pioneers the Simplification of Smartcard Support on Mobile for iOS

Yubico is committed to enabling YubiKey integrations for all of our technology partners and enterprise customers with the least amount of friction and time-to-market as possible. With this goal in mind, we are very excited to announce the public general availability of our Yubico Authenticator for iOS app that now supports YubiKey-based smartcard login alongside ...

Thumbnail

Celebrating 5 impressive women in tech for International Women's Day

As Yubico’s CEO and Founder, I’m often asked about the challenges of being a female entrepreneur. My best piece of advice to other aspiring entrepreneurs - women or men - is that you will face a lot of push backs and challenges, so you better love what you do and truly believe in it – to enjoy the journey and keep going!

Thumbnail

Customer YubiStories: How a biopharmaceutical company solved NFC authentication with a YubiKey and wristband

One of the greatest things about the YubiKey is that it can be used in virtually any environment and by any user. While we all know about the common user experience of plugging in your YubiKey then touching to authenticate, we often hear unique stories from our customers about how they used creativity to address ...

Thumbnail

Secure Manufacturing

Made in Sweden & USA Yubico is a Swedish company that owns subsidiaries in the USA, UK and Germany. We strongly believe there are security and privacy benefits for our customers by manufacturing and programming our products in Sweden and the USA. To ensure that we are very close to all aspects of manufacturing, we ...