White paper: Bridge to Passwordless best practices
BARCELONA, November 16, 2015 – Yubico, the leading provider of simple and open online identity protection, today announced the launch of the YubiKey 4, Yubico’s next generation authentication device, at DockerCon Europe 2015, November 16-17 in Barcelona, Spain. Yubico’s 4th Generation YubiKey includes the first of its kind touch-to-sign feature, the latest secure elements supporting longer public/private keys, faster cryptographic operations, and more.
Yubico, Docker Revolutionize Code Signing
Announced during the DockerCon keynote, Yubico and Docker, the open platform for building, shipping and running distributed applications used by millions of developers and system administrators, have deployed the world’s first touch-to-sign code signing system using YubiKeys, helping secure software development for Docker developers. With the YubiKey 4, Docker users can digitally sign code during initial development and through subsequent updates to ensure the integrity of the Dockerized applications and guard against malware or other nefarious attacks.
“This is an important milestone for Yubico and our community as we move beyond authentication to address another area in which the YubiKey shines, using our hardware to perform cryptographic sign operations,” said Jerrod Chong, VP, Solutions Engineering, Yubico. “Having root keys stored in the secure element of the YubiKey means attackers cannot duplicate the keys and forge sign operations; insecure storage of keys in software modules is often the root cause for many of the vulnerabilities found in software packages.”
YubiKey 4 features also include:
- Works on Microsoft Windows, Mac OS X, Linux operating systems; and major browsers
- Supports multiple authentication protocols, including Yubico OTP, smart card, and FIDO U2F
- Hardware secure element
- RSA 4096 for OpenPGP
- Support for PKCS#11
“Our collaboration with Yubico adds to our growing portfolio of container security capabilities, enabling developers to sign their code with a simple touch, ,” said Scott Johnston, SVP of Product Management, Docker. “Our ability to ensure security while maintaining a consistent developer experience is paramount, and this solution helps us and our users achieve both.”
Yubico’s Chong will be participating in a DockerCon Community Theater session ‘The Future of Hardware-Backed Keys’ on Tuesday, Nov. 17th, from 12:40 to 12:55 p.m. Chong will discuss the many ways enterprises are seeking higher security use YubiKeys. With YubiKey, one device provides a wide range of secure access, including code signing, remote access and VPN, password managers, computer login, multifactor SSO to identity and access management systems, and U2F support for popular online services like GitHub, Dropbox, and Google accounts.
Yubico will be exhibiting YubiKey 4 code signing within the Docker platform and FIDO Certified™ Universal 2nd Factor (U2F) authentication functionality throughout DockerCon at booth #21. For more information and to learn more about Yubico, YubiKey 4 and FIDO U2F, please visit www.yubico.com.
Yubico sets new global standards for simple and secure access to computers, mobile devices, servers, and internet accounts.
The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers.
Yubico is a leading contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor open authentication standards, and the company’s technology is deployed and loved by 9 of the top 10 internet brands and by millions of users in 160 countries.
Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com.
