White paper: Bridge to Passwordless best practices
Last Friday I biked to Stanford to discuss online identity protection with the President of the United States.
President Obama is a man passionate about the Internet and dedicated to helping secure it. After our short one-on-one conversation about Yubico solutions, he took the stage at the Stanford Memorial Auditorium. In front of him he had CEOs and CISOs from the leading companies in the financial and tech industries, who were also invited as speakers during the day-long White House Cybersecurity Summit.
In an afternoon session with a group of tech CISOs, the highlight was FIDO and second-factor authentication, and implementations that work today to secure online identities. And when one of the CISOs held up a small USB-key in his hand someone from the audience called out; “That’s a YubiKey!”
In a panel entitled “Authentication Beyond Passwords”, I was one of three speakers advocating for open standards, including representatives from FIDO and NSTIC (National Strategy for Trusted Identities in Cyberspace). We agreed that the world does not need to wait; there are real-world deployments for open, secure, easy-to-use, affordable, and high-privacy online identity protection.
It was a beautiful, warm and sunny afternoon when I headed back home to Palo Alto; a 15 minute bike ride from the Stanford campus. I chose to live here for the same reasons the White House chose to host the event here; to work closely with the Internet thought leaders to solve real problems that cannot be solved alone by governments or tech giants.
While such cooperation is needed to achieve identity protections, Yubico is not blind to the current debate around government surveillance and the very public boycott of Obama’s Summit by some tech giants.
Since the NSA breach, leading tech companies are building encryption into their products that they themselves cannot break into. This effort eliminates the ability to disclose customer information even if ordered by a court. Both the British and the U.S. government have tried to stop this. The New York Times summarizes the issue well.
At Yubico, we are committed to help Internet citizens take control over their online identities. We believe that your secure online identity should not be owned or controlled by tech giants, governments, banks – or by Yubico. We believe in an open and secure Internet where users can have multiple identities, even anonymous, and hide information if they need to and want to, a topic I highlighted in my previous blog on global dissidents using YubiKeys: https://www.yubico.com/2014/11/fido-u2f-designed-protect-privacy/
See Obama’s opening remarks from the Summit (video):
https://obamawhitehouse.archives.gov/issues/foreign-policy/cybersecurity/summit