Earlier this year, Yubico announced a Mobile SDK for iOS to enable Yubico OTP authentication over NFC on iPhones. Today, we are pleased to announce that we are extending the Yubico Mobile SDK to enable rapid implementation of FIDO U2F over a lightning connection for iOS apps. We invite developers to join the Yubico Lightning Project to work with us to broaden authentication options for iOS applications.
The reality is, overall usage of mobile devices is on the rise. In fact, 79% of internet use is predicted to be on mobile by the end of 2018. Yubico’s goal has always been to make strong, simple online security truly ubiquitous, regardless of service, device, and/or operating system. However, making a hardware authenticator, such as the YubiKey, work in a secure and seamless way with iOS has been a challenge for us and the rest of the industry over the past few years.
We have researched and prototyped various iOS solutions and believe that NFC (near field communication) and USB are optimal communications transports for external authenticators because of security and usability. While it’s always possible that Apple may further open up support for NFC or USB interfaces in the future, this is currently limited or not accessible on today’s iOS devices.
The Yubico Lightning Project is designed to address these issues, with rollout in several phases. Phase one introduces our extended Mobile SDK for iOS, which enables developers to add U2F authentication to iOS apps via a lightning connection. This approach enables apps and services to have out-of-the-box U2F support. Following phases will be communicated in the future.
“Our customers love the security and ease of use of U2F Yubico security keys on their Keeper desktop and web app. Providing this ability to all users on their iPhone and Android devices is an amazing and exciting capability we’ll be ready to deploy as soon as it becomes available,” said Craig Lurey, CTO and Co-Founder of Keeper Security.
“Multi-factor authentication is a must for all organizations, helping to mitigate credential-based attacks and ensuring only the right people have access to the information they need to do their work. By working with companies like Yubico alongside our own MFA offering, we’re able to continue to provide organizations with options for simple, seamless ways to layer security on all of the devices the modern workforce is using today,” said Joe Diamond, Sr. Director of Security Product Marketing, at Okta.
Developers who are interested in taking advantage of strong U2F authentication for iOS apps, are invited to sign up for the Yubico Developer Program mailing list to stay updated on new developer resources as they become available.