PALO ALTO, Calif. and STOCKHOLM, Oct. 31, 2011 – Recent hacker attacks continues to demonstrate the weakness of traditional usernames and passwords. Most Internet users use the same credentials on multiple sites, severely damaging their online identity when a single site is hacked. To address this issue, Yubico, the leading provider of easy-to-use two-factor authentication, has initiated successful partnerships with online password managers, offering Internet users stronger protection of their passwords.
Compromised identities and associated data loss continue to rise as hackers successfully expose weak usernames and passwords. This year, several large American businesses have reported major security breaches, including Sony, Sega and Citigroup, among others. Last week, a major breach in Sweden, where more than 90,000 passwords that include Swedish journalists, politicians and private individuals, was hacked exposing an urgent need for improved password security.
As static username and password is still the most widely used online authentication method, password managers help users to easily manage longer passwords that are unique for every service. However, to ensure that hackers do not get access to the user’s list of unique passwords, security experts recommend two-factor authentication for logging in to the password manager service. Two-factor authentication means using something you have that provides a secure one time pass code (a token or smartcard) and something you know (a password or PIN).
“Using a static username and password for securing access to your Internet life is comparable to a putting a simple latch on your front door, which can be easily kicked-in, and leaving the safe inside your house wide open,” said Stina Ehrensvard, CEO and founder of Yubico. “With a one-time password token and a Password Manager the user only needs one key and one password for simple and secure access to all critical Internet applications.”
The YubiKey USB authentication key simplifies the process of logging in with a One-Time Password (OTP) token, eliminating the need to re-type long passcodes from a display device. The practically indestructible device fits easily on a keychain and works on all computers and platforms without the need for client software. The YubiKey is supported by a growing number of password managers, including Lastpass.
“LastPass, when used in conjunction with the YubiKey, is a great combination for delivering simple and secure password management,” said Joe Siegrist, CEO and founder of LastPass. “A physical security token, that cannot be copied remotely, provides the best protection for online identities”
In addition to providing two-factor authentication, Internet services must also protect servers storing sensitive user data, including encrypted secrets, from being remotely accessed by hackers. Yubico has recently launched the YubiHSM, the first inexpensive Hardware Security Module, for protection of secrets on servers.
Yubico is the leading provider of easy-to-use two-factor authentication. The company’s flagship product, the YubiKey, uniquely combines driverless USB hardware with open source software. More than a million users in 95 countries rely on the YubiKey for online identity protection with simple and secure access to computers, networks and online services. Customers range from individual Internet users to e-governments and Fortune 500 companies. Founded in 2007, Yubico is privately held with offices in California, Sweden and UK. For more information, please visit yubico.com.