When the internet was designed 30 years ago, security was not a priority as it was primarily created as a way to connect and easily share information with others around the world. Fast forward to today with news of hacks and breaches almost daily, much of the online world is trying to play catch up to help secure themselves, and in many cases, their companies by adopting better cybersecurity practices and tools.
Since Yubico was founded in 2007, we’ve made it our mission to address this important challenge and make the internet safer for everyone. As the pioneer of modern hardware security keys and co-creators of open authentication standards, including FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F), we take the security of everyone very seriously.
Tech companies pushing MFA adoption
This past year, amid a massive transition to distributed workforces around the globe, stronger security practices and the need for strong authentication has become a necessity for organizations. This is leading many to make moves to secure their internal teams, as well as customers, to protect them from becoming victims of cyberattacks.
In line with this shift, Google recently confirmed plans to auto-enroll 150 million Google users onto its 2FA system (two-step verification or 2SV, as Google calls it), and require two million YouTube creators to activate it by November 1, 2021. Many other companies are also enforcing security key MFA for their applications and end users, including GitHub and Meta (Facebook) for its Business Manager tool, and we can expect this to only continue.
We’re thrilled to see further strong authentication adoption, but it should be noted that not all MFA is created equal. Just earlier this week, Motherboard published an eye opening piece on the underground market for bots that steal your SMS and app-based codes. The bots target the user specifically, tricking them to disclose their authentication codes and get them into the hands of a hacker. As noted in the article, ‘this existence and increased popularity raises questions on whether online services need to offer more phishing-resistant forms of authentication to protect users’.
Security Keys, like the YubiKey, which support modern FIDO/WebAuthn authentication, are the only proven method to prevent account takeovers. Currently, some of the world’s largest tech companies, including Google, Twitter, and Microsoft, as well as millions of users in 160 countries rely on the YubiKey to defend against increasingly sophisticated, widespread attacks like spear phishing and ransomware.
Modern, phishing resistant authentication with YubiKey
You have a key for your car and your house, why would you not want one for your online identity, applications, and data? With authentication enforcement on the horizon, Google and YouTube creators, as well as users for any other supported apps or services, can protect their accounts with the highest levels of security with the YubiKey 5 Series, as well as the recently introduced Security Key C NFC. Additionally, YubiKeys can be added to any keychain to travel with you or stay semi-permanent in your USB port, making them convenient wherever you are.
At Yubico, we feel we have a responsibility to make the internet safer for everyone and support the mission in which we were founded. In some cases, access to tools like YubiKeys might be harder for some, which is why we created Secure It Forward, a program dedicated to donating YubiKeys to high-risk individuals or organizations that are defending freedom of press, human rights, and election security. For every 20 keys sold on the Yubico e-commerce store, we donate 1 key to nonprofits, individuals, or organizations in need so they can immediately lock down their accounts. Additionally, we have also been working with Defending Digital Campaigns (DDC) over the last year and a half providing YubiKeys to bi-partisan campaigns.
We believe that with education, training and the proper tools, usage and adoption rate of strong, modern 2FA and hardware keys, like YubiKeys, will only continue to increase. Do you want to see more of your favorite online services and apps protected from account takeovers? If yes, you can help make it happen with this Tweet asking for YubiKey & WebAuthn support.
With YubiKeys, you can rest easy knowing that you’re investing in the most secure way to protect yourself online. To find out which YubiKey is the best fit for you, visit https://www.yubico.com/quiz/.