White paper: Bridge to Passwordless best practices
A year ago, I joined Yubico and wrote a blog with the headline “Welcome to the Future, It’s About to Get Really Interesting.”
On reflection, perhaps that was an understatement.
The past 12 months have seen unprecedented hacks on industry and government that have resulted in more than a billion stolen passwords and personal records. The carnage created enough of a pain point to move security and two-factor authentication from an afterthought to an active, mainstream conversation topic.
It was a wake up call to the weakest factor in security – the human factor.
Eyes popped out when Apple was hacked and celebrity nude pics were stolen. President Obama signed an executive order requiring the use of multi-factor authentication in federal agencies. Red Hat and Microsoft announced multi-factor authentication plans, New York State banking regulators added two-factor authentication to their definition of a secure environment, and the US Postal Service added two-factor authentication to its post-hack remediation efforts.
Then the Cavalry started to round up its horses.
In October 2014, Google announced the first application support for the FIDO Universal 2nd Factor protocol and gave Gmail (and eventually Google for Work) users strong authentication backed by simple-to-use public key cryptography in the form of a Yubico Security Key.
At Yubico, we grew to keep up with the changing security landscape. We developed a two-factor login app for Salesforce.com users, sweetened our YubiKey portfolio with U2F support, offered our Security Key as a complement to Google’s launch, continued to bring on handfuls of enterprise customers looking to secure authentication, and helped finalize and offer to the world the FIDO U2F specification we co-invented.
And that was all before the end-of-year holidays. (Oh yeah, and we brightened the holidays with an array of colorful YubiKeys).
In January, the FIDO U2F ecosystem was active and buzzing with chipmakers, biometric devices, YubiKeys, mobile apps/clients, wireless connectivity development, cloud services, open source software, and other goodies.
Our CEO talked internet security with President Obama at a cybersecurity summit in Palo Alto, and recruited Salesforce CEO Marc Benioff as an investor and advisor.
We drew crowds eagerly seeking two-factor authentication as a silver lining at conferences such as Showstoppers, RSA, Cloud Identity Summit and Black Hat.
We released the world’s smallest HSM, debated cryptographic key sizes, announced the YubiKey Edge with OTP and U2F support, earned FIDO Certification, contributed to the release of Bluetooth and NFC support for U2F, crowned three YubiKings, and saw Dropbox become the first non-FIDO online service to adopt U2F supported by the YubiKey.
We also met with Victoria, Crown Princess of Sweden, and her husband, Prince Daniel, in California and introduced them to the YubiKey. And we went Hollywood with the YubiKey’s good-guy cameo in the dramatic film “Blackhat.”
But among all that change, we had constants: our commitment to open source and standards; our faith in one key for many apps; our belief in the right to internet privacy; our integrity; our focus on secure authentication for computers, servers, and internet accounts; and on providing the world’s enterprises with simple and secure authentication.
The next 12 months are lining up to be even more energetic, so you can count on one additional constant: more to come from Yubico (soon!) and our continued presence at the forefront of strong authentication.