Q&A: Yubico’s director of engineering on how to defend against rise in phishing attacks

September 22, 2022 2 minute read

Yubico’s mission is to make the internet safer for everyone, and at the heart of that is a belief that the best security requires usability. Anyone who accesses the internet is at risk from cybercrime, so YubiKeys are designed to provide phishing-resistant MFA protection for everyone. That’s why YubiKeys are so simple to set up and use, and don’t require additional software to defend against phishing attacks.

While the user experience is simple, the technology underpinning YubiKeys is much more complicated, and has developed considerably since the first prototype was created in 2008. This progress has been thanks to the work of a whole team, located mostly in the U.S. and Sweden. One important member of this team is Dain Nilsson, Yubicos’ director of engineering.

Dain won the inaugural YubiKing developer competition in 2009, while still a student at Stockholm’s prestigious KTH Royal Institute of Technology. He then spent time as a developer at companies including SmartBear Software, before joining Yubico in 2012 as Senior Software Developer. Having experienced–and played a leading role–in the development of the YubiKey over the years, he’s well-placed to explain how authentication technology has advanced. 

Dain recently spoke with IT-säkerhetspodden, a Swedish IT security podcast, hosted by Mattias Jadesköld and Erik Zalitis, in collaboration with Nordlo. Their conversation is a fantastic introduction to the technology behind the YubiKey and what makes it so unique.

You can listen to the full discussion in the podcast here. The episode is in English, aside from a short intro message.

At one point in the episode, there is a very technical discussion about ”Asynchronous Remote Key Generation.” We’ve previously explained this topic on our blog, and for those who are visually-minded, the below illustration can be helpful while listening to the podcast.

Additionally, we’ve put together a video of our highlights, including:

  • How to defend against phishing attacks using the YubiKey?
  • How do YubiKeys help remote workers stay secure?
  • How do I set up my YubiKey for the first time?

Watch the full video below:


Share this article:

Recommended content

Thumbnail
authenticationauthenticationauthenticationpasskeyssurvey

New Global Survey from Yubico finds 59% of Employees Still Rely on Username and Password as Primary Method to Authenticate Their Accounts

To kickoff Cybersecurity Awareness Month, Yubico brings top industry leaders together to reveal state of enterprise security  SANTA CLARA, CA and STOCKHOLM, SWEDEN – September 28, 2022 – In light of recent phishing-based cyberattacks and in recognition of Cybersecurity Awareness Month, Yubico, the leading provider of hardware authentication security keys, today shared the results of ...

Read more
Thumbnail
enterprise securityMFAphishing-resistant MFAphishing-resistant MFAsurvey

Yubico unveils results of inaugural State of Global Enterprise Authentication Survey 2022

Cybersecurity attacks continue to be on the rise, making news headlines almost daily. With the kick-off of Cybersecurity Awareness Month on October 1, it’s a good reminder that all MFA is not created equal. We’re increasingly seeing that hackers aren’t breaking in, but instead are now logging in with phishing and social engineering attacks against ...

Read more
Thumbnail
securitystrong authenticationYubiKeyYubiKey

Industries

Solutions by industry Organizations across every industry are going through a digital transformation. Yubico helps organizations stay ahead of the curve. See our customers in action Figma implements strong security Read the case study > Arvika Municipality enhances security Read the case study > Schneider Electric implements MFA Read the case study >

Read more
Thumbnail
FIPS 140-2YubiKey FIPS Series

Série YubiKey FIPS

Clés de sécurité validées FIPS 140-2 Respecter les réglementations de conformité en France, Belgique, Allemagne, Autriche et Suisse Authentification supérieure Validé FIPS 140-2 (niveau 1 et niveau 2 globaux, niveau de sécurité physique 3) ; répond au niveau d’assurance d’authentification 3 (AAL3) le plus élevé de la directive NIST SP800-63B. Simple, rapide, fiable Authentificateur matériel, ...

Read more