
Stina Ehrensvard

Buckle Up for a Safer Internet

Some cynics say that the problem of internet security will only continue to get worse, and that there is nothing we can do, but manage and minimize damages and losses. As an optimist, I completely disagree. Throughout our existence, people have faced and resolved extremely complex and evolving challenges—a great example of which is automobile safety.

A few years back, I wrote a blog post entitled Internet Identity and the Safety Belt. It focused on the introduction of the three-point seatbelt and its significant contribution to the automobile industry by making cars safer for drivers and passengers. Today, there are 10 times more cars on the road, but a lower total number of fatal car accidents. While driving will never be completely safe, millions of lives have been saved through the realization of the problem, innovation, education, market demand, open standards, and government regulations. I am confident that we will make the information superhighway safer for everyone through the same efforts.

For the automobile industry, the seatbelt is an innovation that has had the greatest positive impact on passenger safety. Further advancements in car safety designs and driver’s education programs have similarly equipped new drivers with the tools they need to safely navigate any unforeseen turns.

What if there was a driver’s education program to help internet users move safely across the internet? Perhaps this should become a staple in a school curriculum just like Math and History?

Education, innovation, and collaboration are key to helping us all solve this complex challenge together. With that in mind, I am sharing a security quiz that we developed for basic IT security training of new Yubico employees. I invite you to test your security knowledge, and please feel free to share the quiz with family, friends, and coworkers.

Safe driving on the internet!

David Treece

Yubico Simplifies Smart Card Deployment in the Enterprise

In the enterprise, smart cards are used to simplify logging into computers, VPNs, and online applications. Smart cards can also be used for digitally signing emails and documents. While smart cards are known for delivering strong authentication, they have not always been known for being the simplest to deploy. For example, to use a smart card in an enterprise setting, an admin needs to install client / driver software on every computer, and an external smart card reader is typically required.

Since 2015, the YubiKey has supported smart card PIV functionality with the ability for the YubiKey to act as both a smart card reader and a smart card, meaning that no extra hardware is required. Most recently, we have simplified smart card deployment with the introduction of a YubiKey smart card minidriver. The new YubiKey minidriver enables users to simply self-enroll using the native Windows GUI, and even manage their smart card PIN from Windows Ctrl+Alt+Del. Administrators also benefit from the YubiKey minidriver by being able to do user provisioning using the Microsoft built-in MMC.

Smart card functionality is one of the five authentication protocols supported by the YubiKey, including Yubico and OATH one time password, FIDO U2F, and Open PGP smart card. With this multi-protocol support, the YubiKey is suitable for deployment across the enterprise to secure access to computers, networks, and services.

Learn more about YubiKey smart card in the enterprise.

Stina Ehrensvard

Why 2018 will be the year for authentication hardware

A journalist recently asked me why the world is seeing the return of hardware authentication. My response is that hardware actually never went away. Today, there is no more prevalent form of user verification than hardware. If there had been an easier and more secure way to deploy and revoke user credentials for billions of people, we would not have hardware SIM cards in our phones or chip credit cards in our wallets.

Security is all about minimizing attack surface and achieving separation. The recent Spectre and Meltdown attacks illustrated that it’s hard to achieve watertight separation between processes as systems become increasingly complex. General purpose computing devices that are connected to the internet have big attack surfaces, making them vulnerable to attacks from many fronts, including malware, phishing, malicious apps, Wifi exploits, VPN masking, and social engineering.

However, hardware security devices by themselves do not automatically make things more secure. Modern threats require stronger cryptography with a tighter integration to the applications they’re designed to protect. As a result, we will see increased awareness and adoption of hardware-based authentication and encryption devices using public key cryptography throughout 2018. These devices keep cryptographic information physically separated from the computing device they are connected to, dramatically minimizing the attack surface.

The benefits of using hardware authenticators go beyond just security. Users wanting to ensure privacy do not want to leave footprints that tie their identity to a particular device. Most mobile devices are controlled or monitored by the telecom or platform providers, collecting data about user activities. Furthermore, tying user identity to a device does not easily allow for multiple identities, such as separate identities for work and personal accounts, or being anonymous. Hardware authenticators, such as the YubiKey, do not require you to share any personal details of yourself to authenticate.

Additionally, there are enterprises who do not allow their employees to bring their phones to work, which makes mobile device based authentication inaccessible. In some geographic locations, there are regulations in place that prohibit companies from forcing employees to download business applications on personal computing devices.

Mobility is another important benefit of hardware-based authenticators. With your credentials tied to an integrated device, it can be difficult to move your login credentials between devices, as there is no seamless communication standard between all computers and mobile platforms. Using a hardware authenticator with multiple communication methods solves this problem.

Finally, hardware authenticators offer significant benefits related to backups. Independent of what type of authentication technology is selected, users will sooner or later lose, break, or reset their login devices. When organizations allow the use of multiple affordable hardware authenticators, one as a primary and others as backups, productive work will increase and support calls will decrease. A hardware authenticator, such as the YubiKey, can cost less than a support call, and a fraction of the expense of using a mobile phone.

Today, in 2018, Yubico and all leading browsers and platform providers are engaged in open standards work based on hardware and public key crypto across leading standards organizations, including the FIDO Alliance, W3C, IETF, and OpenID. We work together not as competitors, but as true leaders collaboratively driving the open standards that will stop the number one problem of IT security breaches for login, payments, IoT, and beyond: stolen user credentials.

Stina Ehrensvard

Google Unveils FIDO U2F Security Key Support

Google today announced on its security blog an extra layer of security for Google Accounts based on the emerging strong authentication standard: Universal 2nd Factor, or U2F.

This is a good day for the Internet.

As a driving contributor to FIDO U2F specifications, Yubico celebrates this big day by releasing a new blue campaign version of our YubiKey that is designed to work with the U2F support Google has added to Chrome. This U2F-only Security Key, as well as our multi-technology YubiKey NEO, pioneers the market for U2F devices.

This U2F support is a milestone in a standards journey that began a couple of years ago. Along with Internet thought leaders, we recognized the advantages of high-security, public key cryptography for scalability and for protecting against advanced Trojans, phishing and man-in-the-middle attacks. With a mission to make great security available for every Internet user, we decided to focus on the essential; to keep it really lean.

Below is a short summary of the main differentiators between U2F security keys and traditional smart card- and hardware-based authentication devices:

  • No need for drivers, client software and middleware – Uses native drivers and support built directly into the browser. No installation, no configuration – it just works!
  • Highly scalable while protecting your privacy – Generates a new set of encryption keys for every service, which is stored only on the specific service it connects to. With this approach no secrets are shared among service providers, and even low-cost security keys can support any number of services.
  • Great user experience – To register and authenticate, all it takes is a simple touch of a button!

In January 2013 Wired Magazine first wrote about the U2F project. As a response to all the inquiries Yubico received, we published a blog summarizing our vision of a single key for securing access to all Internet. Since then, U2F has continued to develop within the FIDO Alliance open standards consortium.

And now our vision has been turned into reality.

You can get your own FIDO U2F Security Key today at Amazon.com. It is a key that you own and control, allowing you to securely log in to your Google Account, which lets you access services such as Gmail. The same is true for any number of service providers who choose to adopt simple and strong Universal 2nd Factor authentication.

A special thanks to everyone in the FIDO Alliance working groups for making this happen!

Learn more about the new FIDO U2F Security Key by Yubico

Ronnie Manning

Meet Yubico at Cloud Identity Summit

Yubico is invited to showcase the YubiKey and FIDO U2F ready devices at the upcoming Cloud Identity Summit, in Monterey, California. On Saturday, July 19, you can meet our team at the FIDO Alliance interoperability showcase and demo at the Bonsai II room from 1:30-4:30 p.m. On July 20-22, we welcome you to the Yubico booth #TT8. To schedule a meeting, please email us at press@yubico.com.

Simon

YubiX: Reference Auth Software

Yubico is happy to introduce a project that combines several of our server-side software packages: YubiX. YubiX is intended as a reference architecture software stack to demonstrate how to build robust and secure authentication systems that utilize the YubiKey and YubiHSM hardware. While YubiX may be run directly as-is, it is not intended as a “product”; rather it is intended as inspiration for customers and partners to adapt and build their own solution from. We encourage people to take parts of YubiX and put them into products or their own system designs. All the software in YubiX is free and open source software.

The current functionality includes a web service interface and a RADIUS interface for validating username, password and Yubico OTPs, together with related administrative interfaces. However, the YubiX project goal is to generally showcase different technology options that can use Yubico OTPs, so expect it to go in any direction that new technology takes it. Yubico is committed to supporting our own components that make up YubiX and will engage with the community through GitHub using an issue tracker and source code development tools. However, Yubico does not provide system-level support on external parts, such as the core Debian/Ubuntu operating system or components like FreeRADIUS: those are already well serviced by their own communities.

To focus our resources on YubiX, we are now retiring our old product YubiRADIUS, including its components such as YubiApp. Yubico is not recommending any single migration strategy for YubiRADIUS; instead we encourage all existing YubiRADIUS users to evaluate different options. If you have technical know-how, we believe the components that make up YubiX will allow you to build something better and more robust going forward. If you prefer to take an off-the-shelf product, there are options like Duo Security, LinOTP, OpenOTP, AuthAnvil and others. By partnering up with someone external, you can also create a custom solution for you based on YubiX components and components built by a partner. Of course, finally, if you are happy with YubiRADIUS, there is no reason to stop using it except that it will not be maintained or supported by Yubico going forward.

For more information, please see our page about YubiX. For discussion, we invite comments on our forum.

Ronnie Manning

UK Becomes the First Government to Offer Secure Online Identities Based on FIDO U2F Standards

STOCKHOLM & AMSTERDAM, March 23, 2016 – Yubico, the leading provider of simple, open and strong authentication, and Digidentity, a leading identity service provider, today announced a partnership to enable FIDO Universal 2nd Factor (U2F) authentication and YubiKeys for UK government services. The joint solution allows all UK citizens to easily and securely access GOV.UK Verify digital public services.

Compromised online identities have reached a level that has exposed the weaknesses in usernames and passwords as well as traditional software security solutions. Government services around the world have a growing demand for strong two-factor authentication, but traditional hardware technologies have been too costly and complicated to scale for most countries and internet users.

The new open authentication standard FIDO U2F changes that model. Successfully deployed and supported by leading commercial service providers, including Gmail and Dropbox, FIDO U2F is now also supported in UK government services, including for identity assurance.

GOV.UK Verify is a new simple way for UK citizens to access an increasing range of UK government services online. This is the first government service in the world to support simple and strong FIDO U2F authenticators. The service works using a roster of identity providers, who check and confirm a user’s identity before they can access a government service. Digidentity is one of the UK government’s certified identity service providers.

“UK citizens can easily purchase a FIDO U2F device online and register it with Digidentity,” says Marcel Wendt, Digidentity CTO and co-founder. “With a quick online process, the user’s identity is verified and tied to the U2F device, and the data is encrypted to safeguard a user’s privacy. We are pleased to partner with Yubico, a driving contributor of the FIDO U2F standard, to make this happen.”

To authenticate to GOV.UK Verify using Digidentity with FIDO U2F, the user inserts a U2F YubiKey device into their computer’s USB port, and then touches the device. There are no drivers or client software to install. Later this year, U2F authentication via Near Field Communication (NFC) and Bluetooth will be supported by Digidentity for secure login from mobile devices.

“We are impressed with the online identity services that GOV.UK and Digidentity have developed and are now offering to UK citizens,” says Stina Ehrensvard, CEO and founder, Yubico. “We share their mission of making secure online identities easy and available for everyone.”

YubiKeys with FIDO U2F support are available (starting from £13/$18) at Amazon.com or from the Yubico Store. The same U2F key that works with GOV.UK Verify and Digidentity also works for logging in to a growing number of large scale commercial services, without any personal data or encryption secrets shared between service providers.

About Yubico
Yubico sets new world standards for simple, secure login, preventing unauthorized access to computers, servers, and internet accounts.

Supporting multiple authentication and encryption protocols on all devices and platforms, YubiKeys protect access to user accounts for the world’s largest enterprises with a simple touch, and with no driver or client software needed. Yubico is a leading contributor to the FIDO Universal 2nd Factor open authentication standard, and Yubico’s technology is used, and loved, in more than 150 countries.
Founded in 2007, Yubico is privately held with offices in Sweden, US and UK. For more information, please visit www.yubico.com.

About Digidentity
Digidentity makes your online life simpler and safer by enabling secure and verified digital identities for everyone.

To do this, Digidentity developed services focused on a unique digital identity, where the user and their privacy are key. Digidentity is also a supplier of SSL certificates and qualified digital signatures. Digidentity provides national digital identity solutions to the Dutch and British governments, as well as solutions for a large variety of organizations. Providing identities to more than 12 million Europeans, Digidentity executes more than 150 million secure online transactions per year between people, organizations, and governments.

Founded in 2008, Digidentity is privately held in The Netherlands. For more information, please visit www.digidentity.com.

Media Contact
Ronnie Manning
Director, Public Relations
Yubico, Inc.
Ronnie@Yubico.com
1.619.822.2239