White paper: Bridge to Passwordless best practices
PALO ALTO, CA and STOCKHOLM, SWEDEN – May 22, 2018 – Yubico, the leading provider of hardware authentication security keys, today announced the availability of a new mobile software development kit (SDK) for iOS to allow mobile app developers to quickly integrate YubiKey NEO near-field communication (NFC) two-factor authentication (2FA) into iOS applications. With this latest offering, the YubiKey can now provide simple and secure authentication for all leading mobile platforms including Android, Windows 10, and iOS.
In iOS 11, it became possible to authenticate with Yubico one-time password (Yubico OTP) over NFC, a feature request by many YubiKey users. To remove complexity and help mobile application developers simplify and deliver on this functionality, Yubico created the Mobile SDK for iOS. This SDK enables rapid integration of YubiKey OTP authentication over NFC in any iOS mobile app.
A user authenticates to their LastPass app on iPhone using a YubiKey NEO over near field communication (NFC).
“It’s absolutely critical to have a hardware-based root of trust, like the YubiKey, to establish an approved relationship between a mobile phone and the apps we use,” said Stina Ehrensvard, CEO and Founder, Yubico. “Mobile authentication methods, like SMS or push apps, cannot be considered as trusted second factors to authenticate in a mobile app setting. They can be spoofed by porting a number to a different mobile device or can be very unreliable at the mercy of the phone networks.”
NFC authentication with the YubiKey is four times faster than typing traditional OTPs and is not subject to other mobile device constraints such as batteries and connectivity. The YubiKey NEO can be used to register the app during the initial app enrollment and also for step up authentication once in the app to initiate sensitive transactions such as money transfers, changing account settings, and password resets.
The simplicity and reliability of mobile authentication with the YubiKey is particularly attractive for enterprises looking to reduce costs, time, and resources associated with the vast majority of help desk calls pertaining to app re-installation. Whether it’s due to lost, stolen, or damaged devices, re-enrolling apps on a new device is an inconvenience to all parties involved.
LastPass iOS App Supports Yubico OTP via NFC
The LastPass password manager, a product of LogMeIn Inc., is one of the most popular YubiKey integrations for Yubico OTP, and the application has supported NFC on Android devices for many years. A user simply has to touch the YubiKey NEO to an Android device and they are quickly authenticated into their LastPass account.
Using the new Yubico Mobile SDK for iOS, LastPass is the first password manager application on iOS to enhance its security with Yubico OTP authentication through NFC. LastPass users with iPhone 7 or above, running iOS 11, can now authenticate to their LastPass Premium, Families, Teams and Enterprise accounts on their mobile device with the same YubiKey NEO that they use for their desktop or laptop.
At the time of mobile login, users can touch the YubiKey NEO to the iPhone to wirelessly transfer a Yubico OTP and securely access the application. Current LastPass users will receive an automatic update to their iOS application (version 4.2.7) via the App Store. New LastPass users can download the iOS app here.
“Integrating the Yubico SDK into the LastPass iOS app was a quick and painless process, mostly because the NFC API matched almost 1:1 with the Yubico SDK API,” said Akos Putz, Principal Product Manager for LastPass at LogMeIn. “We’re excited to offer this new authentication method for our iOS users right out of the gate, giving them another option for adding an extra layer of security to their LastPass vault.”
Yubico Mobile SDK for iOS and the Yubico Developers Program
The YubiKey now provides simple and secure authentication for all leading mobile platforms including Android, Windows mobile, and iOS. The company recently introduced the Yubico Developer Program to enable rapid integration of the YubiKey for strong authentication within web and mobile applications. The developer program is expanding its mobile track to iOS integrations. Those who sign up will have access to developer resources including workshops, webinars, implementation guides, reference code, and SDKs.
The Yubico Mobile SDK for iOS delivers NFC support with the YubiKey NEO for iOS applications running on iOS 11 and on iPhone versions 7, 8, or X. For iPhone versions 6 or older that do not offer support for NFC with the YubiKey, the SDK offers the ability for users to initiate secure mobile app enrollment using a desktop computer and a YubiKey.
For more information on the Yubico Mobile SDK for iOS and implementation guides, please visit the Yubico Developer site. For more information on Yubico products and technology, please visit yubico.com
Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.
The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers.
Yubico is a leading contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor open authentication standards, and the company’s technology is deployed and loved by 9 of the top 10 internet brands and by millions of users in 160 countries.
Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com.
LastPass is an award-winning password manager helping millions organize and protect their online lives, at home and at work. For businesses of all sizes, LastPass provides secure password storage and centralized admin oversight to reduce the risk of data breaches and remove password obstacles for employees. With customizable policies, secure password sharing, and comprehensive user management, LastPass gives IT the tools to strengthen password hygiene across the organization. For more information, visit https://lastpass.com. LastPass is a trademark of LogMeIn in the U.S. and other countries.
LastPass Media Contact:
Lauren Van Dam
press@lastpass.com
781-897- 1328
