PALO ALTO, Calif. and STOCKHOLM, Oct. 31, 2011 – Recent hacker attacks continues to demonstrate the weakness of traditional usernames and passwords. Most Internet users use the same credentials on multiple sites, severely damaging their online identity when a single site is hacked. To address this issue, Yubico, the leading provider of easy-to-use two-factor authentication, has initiated successful partnerships with online password managers, offering Internet users stronger protection of their passwords.
Compromised identities and associated data loss continue to rise as hackers successfully expose weak usernames and passwords. This year, several large American businesses have reported major security breaches, including Sony, Sega and Citigroup, among others. Last week, a major breach in Sweden, where more than 90,000 passwords that include Swedish journalists, politicians and private individuals, was hacked exposing an urgent need for improved password security.
As static username and password is still the most widely used online authentication method, password managers help users to easily manage longer passwords that are unique for every service. However, to ensure that hackers do not get access to the user’s list of unique passwords, security experts recommend two-factor authentication for logging in to the password manager service. Two-factor authentication means using something you have that provides a secure one time pass code (a token or smartcard) and something you know (a password or PIN).
“Using a static username and password for securing access to your Internet life is comparable to a putting a simple latch on your front door, which can be easily kicked-in, and leaving the safe inside your house wide open,” said Stina Ehrensvard, CEO and founder of Yubico. “With a one-time password token and a Password Manager the user only needs one key and one password for simple and secure access to all critical Internet applications.”
The YubiKey USB authentication key simplifies the process of logging in with a One-Time Password (OTP) token, eliminating the need to re-type long passcodes from a display device. The practically indestructible device fits easily on a keychain and works on all computers and platforms without the need for client software. The YubiKey is supported by a growing number of password managers, including Lastpass.
“LastPass, when used in conjunction with the YubiKey, is a great combination for delivering simple and secure password management,” said Joe Siegrist, CEO and founder of LastPass. “A physical security token, that cannot be copied remotely, provides the best protection for online identities”
In addition to providing two-factor authentication, Internet services must also protect servers storing sensitive user data, including encrypted secrets, from being remotely accessed by hackers. Yubico has recently launched the YubiHSM, the first inexpensive Hardware Security Module, for protection of secrets on servers.
Please visit yubico.com/YubiKey, yubico.com/LastPass and yubico.com/yubiHSM for more information.
About Yubico
Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.
The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers.
Yubico is a leading contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor open authentication standards, and the company’s technology is deployed and loved by 9 of the top 10 internet brands and by millions of users in 160 countries.
Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com.
