White paper: Bridge to Passwordless best practices
In new entries added recently to the white paper section of our website, we’re detailing Secure Shell options using a YubiKey, and emerging standards that combine to solve online identity challenges.
These white papers are a nice place to uncover some lesser-known YubiKey gems, learn a little more about our crypto strategy, or dive deeper into topics that offer leading-edge security choices.
Those who use their YubiKey NEO or NEO-n in conjunction with Secure Shell (SSH) love the feature, but it lives in the shadow of other, more popular, YubiKey NEO services.
For the uninitiated, you can use a YubiKey NEO with SSH to establish secure connections with remote servers.
Author Alessio di Mauro, a Yubico software engineer, explains what SSH is and why you want to use it with a YubiKey. There are many advantages to using a YubiKey with SSH. The private key is stored within the YubiKey’s secure element, and your master key stays safe as you use only an authentication subkey. In addition, if your YubiKey falls into rogue hands, the attacker only has three very slim chances to authenticate as you before the key locks down.
Once you configure your computer to use SSH keys from a YubiKey, you are set to use them with your personal server or with one of the many services that allow public key authentication such as GitHub or Bitbucket.
Alessio’s white paper takes you through all the benefits.
Also new to our white paper section is a peek at some interesting standards-based identity and authentication options fostered by the intersection of FIDO Universal 2nd Factor (U2F) and OpenID Connect. Each has its own important qualities, but also soft spots. Used together, they present new security possibilities that are explored by guest author Justin Richer, a standards advocate and consultant at Bespoke Engineering.
Also in the white paper section is Alessio’s original three-part crypto key length discussion now available as one document available for download (and sharing).
Our white paper section is a growing resource, so we hope you’ll visit now to learn more, and return in the future to find in-depth looks at a flourishing ecosystem that includes the YubiKey, FIDO U2F, security and the future of strong authentication.