
Stina Ehrensvard

Buckle Up for a Safer Internet

Some cynics say that the problem of internet security will only continue to get worse, and that there is nothing we can do, but manage and minimize damages and losses. As an optimist, I completely disagree. Throughout our existence, people have faced and resolved extremely complex and evolving challenges—a great example of which is automobile safety.

A few years back, I wrote a blog post entitled Internet Identity and the Safety Belt. It focused on the introduction of the three-point seatbelt and its significant contribution to the automobile industry by making cars safer for drivers and passengers. Today, there are 10 times more cars on the road, but a lower total number of fatal car accidents. While driving will never be completely safe,  millions of lives have been saved through the realization of the problem, innovation, education, market demand, open standards, and government regulations. I am confident that we will make the information superhighway safer for everyone through the same efforts.

For the automobile industry, the seatbelt is an innovation that has had the greatest positive impact on passenger safety. Further advancements in car safety designs and driver’s education programs have similarly equipped new drivers with the tools they need to safely navigate any unforeseen turns.

What if there was a driver’s education program to help internet users move safely across the internet? Perhaps this should become a staple in a school curriculum just like Math and History?

Education, innovation, and collaboration are key to helping us all solve this complex challenge together. With that in mind, I am sharing a security quiz that we developed for basic IT security training of new Yubico employees. I invite you to test your security knowledge, and please feel free to share the quiz with family, friends, and coworkers.

Safe driving on the internet!

Yubico Team

Find Your Perfect YubiKey Match

At Yubico, we love security. As we approach Valentine’s Day, we’re reminded of this, and we want to share the love!

From February 12 to 18, we are offering a 25% discount on the purchase of two single YubiKeys (Hint: keep reading). Share the second key with a loved one or use it as a backup.

To help you find your perfect YubiKey match, we’ve created a product quiz that provides YubiKey recommendations based on your work style, computer type, and security needs. The YubiKey comes with a wide range of features in different form factors and designs, so after completing the quiz you’ll have found your perfect YubiKey match.

Ready to meet these YubiKey sweethearts?

 

Take the YubiKey product quiz. Once you’ve made your decision, head over to the Yubico store, add two YubiKeys of your choice to the cart, and use the coupon code YK18-143 at check out to receive 25% off. The Valentine’s Day promotional offer is valid from 12:01 a.m. PT on Monday, February 12 to Sunday, February 18 at 11:59 p.m. PT.

Looking to share the love with your friends? Spread the word with a tweet!

David Treece

Yubico Simplifies Smart Card Deployment in the Enterprise

In the enterprise, smart cards are used to simplify logging into computers, VPNs, and online applications. Smart cards can also be used for digitally signing emails and documents. While smart cards are known for delivering strong authentication, they have not always been known for being the simplest to deploy. For example, to use a smart card in an enterprise setting, an admin needs to install client / driver software on every computer, and an external smart card reader is typically required.

Since 2015, the YubiKey has supported smart card PIV functionality with the ability for the YubiKey to act as both a smart card reader and a smart card, meaning that no extra hardware is required. Most recently, we have simplified smart card deployment with the introduction of a YubiKey smart card minidriver. The new YubiKey minidriver enables users to simply self-enroll using the native Windows GUI, and even manage their smart card PIN from Windows Ctrl+Alt+Del. Administrators also benefit from the YubiKey minidriver by being able to do user provisioning using the Microsoft built-in MMC.

Smart card functionality is one of the five authentication protocols supported by the YubiKey, including Yubico and OATH one time password, FIDO U2F, and Open PGP smart card. With this multi-protocol support, the YubiKey is suitable for deployment across the enterprise to secure access to computers, networks, and services.

Learn more about YubiKey smart card in the enterprise.

Alex Yakubov

PetitionThat with the YubiKey

Today, the World’s Largest Developer Expo + Conference, DeveloperWeek 2018, opens at the Oakland Convention Center with thousands of developers participating from all over the globe. As a warm up for the conference, hundreds of developers participated in the DevWeek 2018’s hackathon and pulled an all-nighter on Saturday. Over 160 teams coded and collaborated for 24 hours. Our challenge was simple – incorporate YubiKey two-factor authentication (2FA) support into a standalone project for the chance to win a YubiCrown.

And the winning project is… PetitionThat

PetitionThat is a proof of concept that enables petition organizers to collect personal contact information about supporters for the purpose of continued outreach via text, phone, and email after the petition is signed. The platform’s inventors are siblings Solaman and Jameela, and their longtime friend Neil. The three Software Engineers joined forces to tackle an idea they’d been kicking around for awhile. They said, “it’s hard to find time to start a new project. When we saw the tools and technologies that were being promoted for the hackathon and how well they could service our idea, we knew that this was finally the time to build it.”

We were blown away by the progress the team made in just 24 hours. They successfully demonstrated secure login to the PetitionThat organizer platform using the YubiKey, real-time signing of a petition by a verified citizen, and re-engagement with the petition-signer over SMS. What really stood out, however, was this team’s fundamental understanding of the importance of privacy and security of the data they aim to collect.

Here’s what they have to say

“In the current political climate, too many people feel like they don’t have a voice. They wish they could improve some aspect of society, but they don’t really feel empowered to inspire change. People have traditionally proven support for an idea by gathering signatures, and today, there are petition websites that go further by leveraging the reach and connectedness of the internet. However, the problem with these sites is that there’s no verification of supporters. It’s too easy for petition organizers and supporters alike to game the system, creating a lack of confidence in the actual support for an idea,” shared the PetitionThat team.

PetitionThat solves this problem by filtering submissions that appear to be fraudulent and requiring a verified electronic signature for an individual to be counted among the supporters of a cause.

“Our service requires two-factor authentication from petition organizers before they can access the contact information of their supporters. We can associate a YubiKey with their account to make two-factor authentication as easy as pressing a button,” they said.

“The YubiKey gives us confidence that a petition organizer’s account isn’t being accessed by a malicious third party to collect personal contact information about supporters for a cause. And for organizers, it’s easier to use than other two-factor authentication methods, such as taking out a phone, waiting for a text message, and manually typing in a code. We get the security of two-factor authentication in a way that doesn’t slow down our users when they’re logging in.”

When asked about the experience of developing with and using the YubiKey and our developer tools, they said, “We explored a lot of new technologies when working on this project, including the YubiKey. The service advertises integration in less than an hour; it took us 15 minutes! It was so easy! There were some APIs from other hackathon sponsors that were so complicated or poorly documented that we had to re-architect our service to avoid using them. The YubiKey and YubiCloud just integrated seamlessly.”

Yubico applauds PetitionThat for their vision, hard work, and excellent performance at the DevWeek hackathon. To learn more about the YubiKey and how to deploy 2FA into your software or service, please visit https://developers.yubico.com/. If you are at Developer Week 2018, stop by and meet the Yubico team at booth # 513.

Stina Ehrensvard

Why 2018 will be the year for authentication hardware

A journalist recently asked me why the world is seeing the return of hardware authentication. My response is that hardware actually never went away. Today, there is no more prevalent form of user verification than hardware. If there had been an easier and more secure way to deploy and revoke user credentials for billions of people, we would not have hardware SIM cards in our phones or chip credit cards in our wallets.

Security is all about minimizing attack surface and achieving separation. The recent Spectre and Meltdown attacks illustrated that it’s hard to achieve watertight separation between processes as systems become increasingly complex. General purpose computing devices that are connected to the internet have big attack surfaces, making them vulnerable to attacks from many fronts, including malware, phishing, malicious apps, Wifi exploits, VPN masking, and social engineering.

However, hardware security devices by themselves do not automatically make things more secure. Modern threats require stronger cryptography with a tighter integration to the applications they’re designed to protect. As a result, we will see increased awareness and adoption of hardware-based authentication and encryption devices using public key cryptography throughout 2018. These devices keep cryptographic information physically separated from the computing device they are connected to, dramatically minimizing the attack surface.

The benefits of using hardware authenticators go beyond just security. Users wanting to ensure privacy do not want to leave footprints that tie their identity to a particular device. Most mobile devices are controlled or monitored by the telecom or platform providers, collecting data about user activities. Furthermore, tying user identity to a device does not easily allow for multiple identities, such as separate identities for work and personal accounts, or being anonymous. Hardware authenticators, such as the YubiKey, do not require you to share any personal details of yourself to authenticate.

Additionally, there are enterprises who do not allow their employees to bring their phones to work, which makes mobile device based authentication inaccessible. In some geographic locations, there are regulations in place that prohibit companies from forcing employees to download business applications on personal computing devices.

Mobility is another important benefit of hardware-based authenticators. With your credentials tied to an integrated device, it can be difficult to move your login credentials between devices, as there is no seamless communication standard between all computers and mobile platforms. Using a hardware authenticator with multiple communication methods solves this problem.

Finally, hardware authenticators offer significant benefits related to backups. Regardless of the type of authentication technology selected, users will sooner or later lose, break, or reset their login devices. When organizations allow the use of multiple affordable hardware authenticators, one as a primary and others as backups, productive work will increase and support calls will decrease. A hardware authenticator, such as the YubiKey, can cost less than a support call, and a fraction of the expense of using a mobile phone.

Today, in 2018, Yubico and all leading browsers and platform providers are engaged in open standards work based on hardware and public key crypto across leading standards organizations, including the FIDO Alliance, W3C, IETF, and OpenID. We work together not as competitors, but as true leaders collaboratively driving the open standards that will stop the number one problem of IT security breaches for login, payments, IoT, and beyond: stolen user credentials.

Ronnie Manning

WIRED and Ars Technica Experts Choose the YubiKey 4 for New Subscribers

Credibility is defined as the quality of being trusted and believed in. As Yubico continues to grow the trust from our users, partners, and peers, it is truly valued. It’s with this trust that we continue to drive forward in creating strong, open authentication standards and delivering on our vision and belief of a secure internet for all.

Today, we are honored to announce we are partnering with Ars Technica, as part of celebrating its 20 year anniversary, by offering the YubiKey 4 to new Ars Pro++ subscribers. Ars Technica is a highly respected online publication within the technology community and combines technical savvy content with wide-ranging coverage of human arts and sciences, while specializing in bringing readers the right answer, the first time.

Eric Bangeman, Managing Editor, Ars Technica says, “Keeping your online accounts and personal data safe can be a challenge, but YubiKey’s flexibility and best-in-class two-factor authentication capabilities offers a deeper level of security for its users. Ars Technica is proud to offer the Yubikey 4 as a gift for its Ars++ subscribers.”

Limited Edition WIRED and Ars Technica YubiKeys

Also today, we are equally excited to say we are partnering with WIRED magazine to deliver YubiKeys to their new subscribers as well. WIRED is the ultimate authority on the people and ideas changing our world. With a particular focus on emerging technologies, they don’t just write about the future, they ignite it.

As Nicholas Thompson, Editor-in-Chief, WIRED states, “We’re thrilled to be able to offer our subscribers free YubiKeys. Our readers are sophisticated technology users who value their security, which is why we picked YubiKey as a natural gift for them.”  

With both of these powerful and forward-thinking audiences, we are extremely honored that experts from WIRED and Ars Technica chose the YubiKey as the gift of security for their readers. The best part is, subscribers are not receiving a regular YubiKey — they are receiving a limited edition YubiKey 4 with a laser-etched WIRED or Ars Technica logo. The cool factor is upped considerably here. 

Now, new WIRED and Ars Technica subscribers will be able to add the most secure, easy-to-use multi-factor authentication to their business and personal accounts. YubiKey support is available with services such as Google, Facebook, and Dropbox, plus popular password managers, and hundreds of other services — all with a simple touch.  

Looking to read about some of the best in tech? Are you an avid WIRED or Ars reader?  Want to get your hands on one of these limited edition YubiKeys? Check out the subscription information for WIRED and Ars Technica!

Ronnie Manning

We Love Third-Party Validation!

It’s always rewarding when you see third-party validation of your company’s product, and that is why today started off so well.

In separate articles published today, Yubico’s YubiKey was highlighted for its tight security and ease of use by authors Don Sambandaraksa at TelecomAsia.net, which is aimed at the telecom market, and Greg Harvey, co-founder and director at Code Enigma, which offers secure Linux hosting.

Both articles not only speak to the crypto power of the YubiKey, but its flexibility in terms of strong authentication options (including eating the key, really! but please don’t try this at home!) and Yubico’s commitment to open source software and the possibilities it provides.

Sambandaraksa’s article focuses on YubiKey’s OpenPGP support, how a private key is protected and YubiKey’s ability to solve “the usability / security trade-off that has hampered widespread PGP adoption on mobile devices.”

Harvey focuses on YubiKey’s one-time password capability to help protect access to production servers at Code Enigma, including how it is hack-proof, how the key can be certified, and the use of open-source YubiCloud software. Harvey also includes a great tutorial video: Using YubiKeys to secure Debian Linux.

Want to know who else has covered Yubico and YubiKeys lately? See our In the News section.

(image courtesy of Code Enigma)

John Salter

YubiKey NEO & FIDO U2F: One Key for All Apps

I’ve been in this business for a long time and watched a lot of promise collapse and a fair number of snake oil salesmen flourish.

Strong authentication is one of those technology conundrums that always seems to be partially solved. The drawbacks of traditional one-time passcodes are well understood and we’ve always truly known their shelf life was limited.

I have been searching for something that would be more appropriate in today’s Internet, that would move past “partially solved” and would blossom into elegant simplicity spanning the technology, the plumbing and the user.

My eyes were opened to the answer while watching a room full of engineers work with their code — checking out, checking in, deploying live —and authenticating each time as they supported a massive cloud service that counts billions of users around the globe.

To cross each virtual security boundary the engineers simply press a small flashing Yubico YubiKey tucked into their USB ports to activate strong authentication. They were taking advantage of their body’s ability to hold an electrical charge and trigger a capacitance sensor.

A few years ago when I first saw this technology, I underestimated the capacitive touch. I did not think it had the needed security properties, but what I missed was how important it was to the end-user.

Once I realized that error, I began adding in the significance of the hermetically sealed, driverless YubiKey that is impervious to viruses and malware. I thought about its improvements over second-factor mobile devices that hackers can compromise, and over single sign-on, where conventional wisdom says authentication should happen as infrequently as possible then shared across domain boundaries.

I now understand security isn’t about limiting authentications but making hundreds, even thousands of them per day as easy as pushing another key on a computer keyboard. It’s a user-experience that requires zero training, even for technology’s bellwether grandmothers.

In addition, a previously missing piece is coming into focus with the FIDO Alliance’s Universal Second Factor (U2F) protocol, adding the standards-layer to enable one key to authenticate to all applications in our ecosystems while maintaining trust and end-user privacy.

Today, Yubico is releasing its YubiKey NEO with support for U2F and delivering it in two form-factors. This key will hold the promise of a significantly more secure online consumer experience, and a dramatic increase in enterprise security and ease-of-use.

This combination of all these factors (pun intended) leads me to believe we have our device and our extended shelf life for a proper “what you have” factor from a multi-factor authentication perspective.

And it has been a powerful enough epiphany for me after 30 years promoting and advancing strong authentication that I have joined Yubico as Chief Business Officer to explore this innovation and see it through to what I believe will be its rightful place in the security landscape.

As you will see in the coming weeks, my faith in these advancements will be validated by some of the most successful and influential Internet companies with arguably the largest end-user populations on the planet.

We can now challenge conventional wisdom around authenticating once then propagating credentials. I am a firm believer in SSO technology for gluing together computing across boundaries and would argue our SSO engines should play the primary role in directing identity traffic. They are, and will remain, essential in modern web architectures.

But, I argue fresh primary credentials trump older secondary credentials every time. Application designers have never thought of a world where it is possible or desirable to verify primary credentials not just one time but many times. That world is coming into focus and I’m excited to have a front row seat, again.

John Haggard is Chief Business Officer at Yubico

Jakob Ehrensvärd

YubiKey & BadUSB

Updated Oct. 22, 2014 to include information on Security Key

We have received a few questions regarding the “BadUSB” concept presented at BlackHat 2014. This was picked up by wired.com, where the problem domain is somewhat expanded into a claim that the “Security of USB Is Fundamentally Broken”.

Although there are a few different (and known) issues presented, the main claim here is the possibility of turning a legitimate USB device into an evil one by replacing its genuine firmware with a malign image. The authors describe USB devices, but this general concept applies to almost all types of devices that can have their firmware upgraded in the field, a process known as Device Firmware Upgrade (DFU).

The concept of creating “hardware Trojans” is interesting (and scary) and gained quite some attention in the early 1990s when the first field-upgradeable flash BIOSes for PCs became available. It was then shown that by replacing a legitimate BIOS with a hacked image, malign functionality could be implanted deep into the functionality of a PC, beyond reach of anti-virus software.

However, although conceptually feasible, such attacks are not that easy to execute practically and to make them widespread. There are quite a few reasons for that.

  1. Many low-end USB devices do not support DFU, either because the firmware is factory-programmed in a non-alterable mask ROM, one-time-programmable ROM or simply because there is no DFU mechanism implemented. Supporting DFU adds cost and complexity and therefore makes little sense for low-cost mass-market devices, such as thumb drives, card readers, keyboards and mice.
  2. To perform DFU, often some active (and usually quite awkward) sequence has to be performed by the user, such as holding a button while the device is power cycled. Then, a specific executable has to be run in the computer where the device is connected to perform the actual firmware upgrade. This is not something that is likely to happen without the user actively initiating it.
  3. An attack of this kind has to be targeted on a per device model basis, and then requires extensive knowledge of the particular implementation, including reverse-engineering. An attack that works for a specific device will only work for that particular version of the device. Sending a malign image out to a large number of users and trying to fool them into upgrading with it seems somewhat unlikely to have more than a marginal impact.
  4. Many low-end USB devices have limited memory capabilities which cannot be upgraded with a firmware that can do anything really evil while maintaining their intended function. So, if the device is infected, it won’t be able to perform what it was designed to do. High-end devices, such as MP3-players, cameras and phones are a different story, but there the problem can be mitigated by code signing.

There are probably quite a few devices out there that do not implement basic countermeasures against what has been listed above, but probably the biggest issue with DFU is that the user accidentally bricks a device when an update fails or stalls before it has been completed. This is an implementation issue and should be seen as a design flaw by the vendor rather than a system-wide problem.

One can wonder if low-end USB devices, such as thumb drives, are in fact the scariest targets for malign firmware, and also why these would implement or require DFU. Phones, network routers and gateways with extensive memory and processing capabilities together with constant network and power connection seem to be more obvious and attractive in this respect. Here, the number of vendors is smaller and DFU is supported on a more general scale.

Seen from a different angle, one can ask if this is really a USB problem or the fact that devices (above the complexity of a thumb drive) are nowadays frequently (and very fundamentally) updated. Replacing the operating system in a tablet, firmware image in a printer, phone or a network router does not require USB – it is done directly via the network connection. The scalability and harm of such attacks is probably orders of magnitude worse than what can be accomplished on a per-device basis via USB.

The question then inevitably becomes – so how does this all affect current Yubico products, which obviously are USB devices?

With regards to the FIDO U2F Security Key by Yubico and DFU…
– There is not a DFU mechanism in the Security Key and hence it cannot be updated.

With regards to the YubiKey Standard and DFU…
– The firmware is in non-alterable ROM and hence cannot be updated.

With regards to the YubiKey NEO and DFU…
– The YubiKey NEO technically does support DFU, but requires the new firmware image to be signed by us. Yubico does not endorse nor support use of DFU for users.

With regards to the YubiHSM and DFU…
– The device does not implement DFU and hence cannot be updated.

With regards to a USB device being a carrier for malign files…
– The YubiKey or YubiHSM do not support Mass Storage Device (MSD), so they cannot carry infected files or data.

David Maples

CERN Research Secured with YubiKey

Read about how CERN is using YubiKeys in eWeek

CERN, the European Organization for Nuclear Research, pioneers of the World Wide Web and one of the world’s leading scientific research centers, uses YubiKeys for securing critical services.

“The YubiKey meets all our requirements thanks to its simplicity of use, its open algorithm and the available open-source software support. Moreover, YubiKey requires no drivers, meaning that it is compatible with all our operating systems, which is a big advantage in a heterogeneous academic environment. The absence of a battery is yet another plus, limiting the maintenance costs to a strict minimum”

Remi Mollon, Computer Security Analyst, CERN

To case study

Simon

YubiX: Reference Auth Software

Yubico is happy to introduce a project that combines several of our server-side software packages: YubiX. YubiX is intended as a reference architecture software stack to demonstrate how to build robust and secure authentication systems that utilize the YubiKey and YubiHSM hardware. While YubiX may be run directly as-is, it is not intended as a “product”; rather it is intended as inspiration for customers and partners to adapt and build their own solution from. We encourage people to take parts of YubiX and put them into products or their own system designs. All the software in YubiX is free and open source software.

The current functionality includes a web service interface and a RADIUS interface for validating username, password and Yubico OTPs, together with related administrative interfaces. However, the YubiX project goal is to generally showcase different technology options that can use Yubico OTPs, so expect it to go in any direction that new technology takes it. Yubico is committed to supporting our own components that make up YubiX and will engage with the community through GitHub using an issue tracker and source code development tools. However, Yubico does not provide system-level support on external parts, such as the core Debian/Ubuntu operating system or components like FreeRADIUS: those are already well serviced by their own communities.

To focus our resources on YubiX, we are now retiring our old product YubiRADIUS including its components such as YubiApp. Yubico is not recommending any single migration strategy for YubiRADIUS; instead we encourage all existing YubiRADIUS users to evaluate different options. If you have technical know-how, we believe the components that make up YubiX will allow you to build something better and more robust going forward. If you prefer to take an off-the-shelf product, there are options like DuoSecurity, LinOTP, OpenOTP, AuthAnvil and others. By partnering up with someone external, you can also create a custom solution based on YubiX components and components built by a partner. Of course, finally, if you are happy with YubiRADIUS, there is no reason to stop using it except that it will not be maintained or supported by Yubico going forward.

For more information, please see our page about YubiX. For discussion, we invite comments on our forum.

Alvin

YubiSwitch and the YubiKey Nano

Ever felt like disabling the output of a YubiKey so you won’t trigger it accidentally? If you’re a Mac OS X user, you’re in luck! Angelo “pallotron” Failla has written an application that runs on the OS X status bar that automatically disables your YubiKey after a period of inactivity.

YubiSwitch Screen Capture

Here’s a screen capture of what it looks like. It’s primarily designed for the YubiKey Nano, which is meant to be left in the USB port for long periods of time, but will work with the standard sized YubiKeys as well. Check it out here.

Stina Ehrensvard

YubiKey in Fashion – Win a Laptop!

Lucy in the picture above is wearing her back-up Yubikey in her ear. How are you using your YubiKey? Send us your cool, fun or serious and useful YubiKey stories in any form that can be posted on our Facebook page; pictures, videos, quotes, links to blogs and Twitter feeds…

All applicants that present the YubiKey in a positive way will automatically win one free Yubikey NEO and one free YubiKey Nano. Starting now, we welcome submissions until Nov 1, 2013. The Yubico team will then select the best Yubico promotion or story that will win a Chromebook!

Tell us your story at our Facebook Page

Alvin

Expanding YubiKey Keyboard Support

Hi. We’ve had a few queries about using the YubiKey with various keyboard layouts, so we thought we’d spend some time describing the different methods available to do that.

Like a USB keyboard, YubiKeys work by sending scan codes as opposed to actual characters. This means that when you type, the keyboard only sends the key number, or “scan code”, which the computer then translates depending on your keyboard settings.

This presents an issue as there are many different keyboard layouts in use in the world today. To mitigate the problem, the YubiKey only uses modhex (MODified HEXadecimal) characters, which are produced by the same scan codes in almost all keyboard layouts. If your chosen keyboard layout is not one of those covered by the modhex system (Dvorak, for example), your YubiKey might not be able to output the characters correctly. If this is true for you, here are 3 ways to resolve the issue.

Option 1

Our recommended “best practice” is to switch to a US standard keyboard layout when entering the OTP and switching back when done. When properly configured this is quick and convenient – in a Windows environment, for example, pressing alt+shift (to switch the input language) and ctrl+shift (to switch the keyboard layout) can allow one to quickly switch to an alternative layout.

Keyboard_Screenshot_1

The screenshot above shows a sample configuration of a US standard keyboard layout and a US dvorak keyboard layout.

Option 2

If you are trying to output digits (0-9) with the French AZERTY keyboard layout, you can simply press the shift key while using the YubiKey or set the flag in the personalization tool to use the numeric keypad instead (for firmware 2.3 onwards).

Keyboard_Screenshot_2

The screenshot above shows where the flag setting in the personalization tool is.

Option 3

If neither of these is possible for you, another solution is to modify the scanmap used by your YubiKey NEO. This feature requires a YubiKey NEO and the command line version of the Cross-Platform Personalization Tool. Your YubiKey NEO will only work properly on the keyboard layout that you modified it for: if you modified it for a Dvorak keyboard layout, for example, it can only be used on the Dvorak keyboard layout.

The YubiKey uses the following alphabet:

cbdefghijklnrtuvCBDEFGHIJKLNRTUV0123456789\t\r

The scanmap is the 1-byte scan code for each of those characters, in the same order. So for a US standard keyboard layout (and the YubiKey default), the scanmap is:
06050708090a0b0c0d0e0f111517181986858788898a8b8c8d8e8f9195979899271e1f202122232425262b28

To set the scanmap, use the -S argument of the ykpersonalize tool, followed by the desired scanmap. Some examples are shown below.

Simplified US Dvorak:
0c110b071c180d0a0619130f120e09378c918b879c988d8a8699938f928e89b7271e1f202122232425269e2b28

French AZERTY:
06050708090a0b0c0d0e0f111517181986858788898a8b8c8d8e8f9195979899a79e9fa0a1a2a3a4a5a6382b28

Turkish QWERTY (with a dotless i instead of usual i):
06050708090a0b340d0e0f111517181986858788898a8b8c8d8e8f9195979899271e1f202122232425269e2b28

Note that you must remove any whitespace present in these examples before using the values. Leaving the argument empty will reset the scanmap to the YubiKey’s default.

Keyboard_Screenshot_3

The screenshot above shows a YubiKey NEO’s scanmap being configured for the dvorak keyboard layout.
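To see what a scanmap changes before writing it with ykpersonalize -S, the following added example (not Yubico's code) decodes the scanmaps from this page against the alphabet printed above and lists the characters that differ from the US default. It assumes bit 0x80 means Shift, as the upper-case entries in the page's own values suggest; because the three layout examples are one byte longer than the 44-character alphabet, it reports that extra byte separately instead of assigning it a character. All function names are hypothetical.

```python
"""Decode YubiKey NEO scanmaps (added example, not Yubico code)."""

# Alphabet exactly as printed on the page: 16 lower-case modhex letters,
# the same 16 in upper case, the ten digits, then tab and return (44 slots).
ALPHABET = "cbdefghijklnrtuvCBDEFGHIJKLNRTUV0123456789\t\r"

# Scanmap values copied verbatim from the page.
SCANMAPS = {
    "us": "06050708090a0b0c0d0e0f1115171819"
          "86858788898a8b8c8d8e8f9195979899"
          "271e1f202122232425262b28",
    "dvorak": "0c110b071c180d0a0619130f120e0937"
              "8c918b879c988d8a8699938f928e89b7"
              "271e1f202122232425269e2b28",
    "azerty": "06050708090a0b0c0d0e0f1115171819"
              "86858788898a8b8c8d8e8f9195979899"
              "a79e9fa0a1a2a3a4a5a6382b28",
    "turkish": "06050708090a0b340d0e0f1115171819"
               "86858788898a8b8c8d8e8f9195979899"
               "271e1f202122232425269e2b28",
}

# Assumption read off the page's values: bit 0x80 means "hold Shift",
# the low seven bits select the key.
SHIFT = 0x80


def parse_scanmap(text):
    """Turn a pasted scanmap into bytes, dropping whitespace first."""
    cleaned = "".join(text.split())
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError as exc:
        raise ValueError(f"scanmap is not clean hex: {exc}") from None
    if len(raw) < len(ALPHABET):
        raise ValueError(f"scanmap has {len(raw)} bytes, "
                         f"need at least {len(ALPHABET)}")
    return raw


def align(raw):
    """Map each alphabet character to its scan code.

    Letters and digits are read from the front, tab and return from the
    back. The layout examples on the page are 45 bytes long, one more than
    the printed alphabet, so any byte left in between is returned as
    `extras`: the page does not name its character.
    """
    head, tail = ALPHABET[:-2], ALPHABET[-2:]
    mapping = dict(zip(head, raw[:len(head)]))
    mapping.update(zip(tail, raw[-len(tail):]))
    extras = bytes(raw[len(head):len(raw) - len(tail)])
    return mapping, extras


def changed_chars(base, other):
    """Characters whose scan code differs between two scanmaps."""
    a, _ = align(parse_scanmap(base))
    b, _ = align(parse_scanmap(other))
    return [ch for ch in ALPHABET if a[ch] != b[ch]]


def unpaired_letters(text):
    """Lower-case letters whose upper-case slot is not 'same key + Shift'."""
    m, _ = align(parse_scanmap(text))
    return [ch for ch in ALPHABET[:16] if m[ch.upper()] != m[ch] | SHIFT]


def collisions(text):
    """Scan codes used by more than one slot (the output would be ambiguous)."""
    seen, dup = set(), []
    for code in parse_scanmap(text):
        if code in seen and code not in dup:
            dup.append(code)
        seen.add(code)
    return dup


def describe(code):
    """Human-readable form of one scanmap byte."""
    return f"key 0x{code & 0x7f:02x}" + (" + Shift" if code & SHIFT else "")


if __name__ == "__main__":
    for name, text in SCANMAPS.items():
        mapping, extras = align(parse_scanmap(text))
        diff = changed_chars(SCANMAPS["us"], text)
        print(f"{name}: {len(diff)} slots differ from US, "
              f"unpaired={unpaired_letters(text)}, "
              f"extra={extras.hex() or '-'}, "
              f"collisions={[hex(c) for c in collisions(text)]}")
        for ch in diff[:3]:
            print(f"   {ch!r} -> {describe(mapping[ch])}")
```

For the Turkish map the only changed slot is lower-case i, and unpaired_letters flags it because upper-case I stays on the original key with Shift.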

Interested to know more? Head to our technical forum.

Enjoy using your YubiKey!

Simon

BrowserID and YubiKey

To learn how to use the YubiKey with BrowserID, a new open identity initiative, please check out this video from a BrowserID developer: https://vimeo.com/64514090

BrowserID was introduced in mid 2011 by the Mozilla Project. It addresses the same problem as OpenID and SAML, as well as the common OAuth or OpenID-based login-with-an external-account (such as Google, Facebook or Twitter) flows. From a usability point of view, in comparison to OpenID, BrowserID uses email addresses instead of URLs, which is more natural for users.

Perhaps the strongest feature of BrowserID, when compared to OpenID and SAML, appears to be user privacy; with BrowserID your Identity Provider is not involved in the per-site login flow, so they cannot track which sites you have accounts on.

Technically, BrowserID has the simplicity of OpenID and OAuth but can provide stronger security (including public/private-key crypto and session keys). The downside is that the BrowserID protocol is not well specified, for example in the form of an IETF RFC document, and supposedly uses obsolete JSON-security formats, which poses some migration pains.

Yubico is happy to see that YubiKey support is possible with BrowserID, and we will continue to learn about this area so we can provide our customers with good advice about best usage of the YubiKey. We believe that the Internet needs better authentication methods, and also think that the YubiKey provides good security and ease of use for users.

Please note that BrowserID is not the same protocol used for the open authentication project that Google is currently working on, which was mentioned in Wired earlier this year and in which Yubico is closely engaged.

The source code for the YubiKey Persona integration is available at https://github.com/jedp/persona-yubikey

David Maples

miiCard Proofs Identities with YubiKey

Online identity proofing service miiCard can prove an individual’s identity to the level of an offline photo ID check in minutes and purely online. By now adding YubiKey authentication to miiCard’s bank level ID verification service, the most secure and high value transactions can be performed online. Read more about how miiCard and YubiKey can make online identification safe and secure in the full press release and on our partner site!

Read full press release

Visit MiiCard’s YubiKey Protection Page

Stina Ehrensvard

The Future of Authentication FAQ

A selection of questions we have received and answered on YubiKey NEO and Universal 2nd Factor (U2F), since this new open authentication standards initiative was announced in Wired Magazine and the Yubico identity vision blog.

Why do you want to kill the password?

We don’t. Yubico does and will continue to recommend two-factor authentication, consisting of a PIN or password in addition to a device which generates new and encrypted pass codes every time it is used, such as the YubiKey. The best security practice is to use something you have with something you know. With the YubiKey, the password becomes a supporting element rather than the main defense; thus a simple PIN suffices to protect you against misuse of your YubiKey by those around you.

 

What is the user experience of YubiKey NEO and U2F?

It is easier to use a YubiKey NEO with U2F than logging in with a username/password. With NFC mobile devices, all you need to do is to enter a PIN and tap the YubiKey NEO to an NFC-capable phone or tablet. With computers, you place the YubiKey NEO in the USB port, enter a PIN and touch the device. And you will only need a YubiKey and a simple password for any number of services. To see how it works, watch this video.

Why is a hardware key better than software-based authentication methods?

A software application, regardless of whether it’s on your computer or your smart phone, can be easily targeted and misused by malware – which has already happened to SMS and authentication apps. The best security practice is to move login credentials to a separate hardware device not connected to the Internet. To further improve security, it is recommended to use PKI encryption with session security, and a user presence touch button; features uniquely provided by the YubiKey NEO and the U2F specifications.

Will U2F support software-only implementations?

The initial U2F deployments inside Google and elsewhere are all based on hardware devices. However, for lower security applications, U2F software-only implementations are likely to be offered down the road.

 

Why can’t I have my identity and a security chip integrated in my device instead?

A user identity, including U2F specifications, can be integrated directly in your smartphone or computer using TPM, Arm TrustZone, SIM Card or a secure element. While this approach reduces the number of separate devices needed, it has notable disadvantages from a security, privacy and mobility perspective.

Security – Identity and authentication technologies that are permanently connected to a computer or phone fail to meet the “not connected to the Internet” best practice for storing sensitive secrets. These devices are all more or less exposed to malware, malicious apps, Wi-Fi exploits and VPN masking. In addition, they don’t help against the social attacks (i.e., software tricking the user into doing something unintended) which will continue to be the easiest way to attack users. Those social attacks will always be available on general multi-purpose devices where users can download and install apps on their own, and provide an avenue to attack the secure elements directly.

Mobility – With your credentials tied to an integrated device, it may be difficult to move your identity between other devices, or to use a computer at a hotel or friend’s house. For the majority of high security applications that are performed on computers, it may not help to have an identity tied to a phone, as there is no communication standard between all computers and mobile devices.

Privacy – The device identity may be controlled or monitored by the telecoms provider or other party, which may add cost, complexity and privacy concerns. In a time of “Big Data” and government surveillance, many enterprises and individual users have concerns about privacy. What’s more, tying your identity to a device does not easily allow for multiple identities, such as separate identities for work and personal accounts.

 

Why would users want to have multiple identities?

U2F and Yubico support an open identity eco-system where users can be secure – but still guard privacy. Just as with email, many users choose to have multiple accounts; a real/personal, a real/job and a high privacy/alter ego or spam email account. We want to help you to prove that you are the legitimate owner of an account, while not requiring additional personal information. We also want to support use cases where identities are used for a limited time and revoked when needed. We believe you should be in control of how sites track you over your digital life; with the YubiKey NEO and U2F, minting new Private/Public key pairs for each site, tracking across sites is not enabled.

I still do not like to have to keep track of one more thing.

You will not need to. U2F is designed for secure elements; high security chips, for integration into many of the things you are likely to carry with you today; a card in your wallet, a key in your key-chain or directly in your phone. Therefore the U2F technology gives you the choice; you can use it embedded into your existing devices for low-risk purposes, or use U2F via a YubiKey NEO when you want better mobility, privacy and security properties.

So, what about fingerprints or face recognition?

We don’t believe that biometrics sent over the wire to authenticate users is appropriate for privacy and security reasons; your fingerprint is a static and unique image that can be copied and misused – but not revoked. However, once the technology is proven to be more dependable, biometrics to unlock a phone or computer could be useful, but where the actual interaction and authentication is done between a security chip in the device and the server. But as discussed earlier, having a security chip permanently tied to a computer or phone device may have limitations from a security, privacy and mobility perspective.

When will NFC get mass adoption?

The majority of high security applications requiring strong second factor login are still performed from a computer with a USB-port. To address the growing use of mobile devices, YubiKey NEO and U2F also support NFC. While Apple is waiting to adopt NFC, their competitors, who represent a combined 80% smart phone market share, will have sold more than 200 million NFC enabled devices in 2013. Banks are pushing NFC enabled payment solutions and critical mass is being achieved in several countries. Once the next generation NFC credit- and debit cards have been deployed, allowing “one touch” secure payments directly on your own phone and computer, there will be a market demand for NFC on all devices and platforms.

 

How does the Yubico identity vision relate to federated identity services?

It is very complementary to SAML, Open ID Connect, etc, as these protocols enable powerful single sign-on opportunities but need to be combined with two-factor authentication. U2F is based on a PKI infrastructure where every service provider can optionally also be their own identity provider. When user data and cryptographic secrets do not need to be shared between service providers, both security and user privacy can be enhanced.

 

Why would users want to pay for their online identity?

In a time where users’ personal information is collected and used by a growing number of organizations, many users are growing concerned about privacy. Once a single U2F device can be used for a multitude of popular services, users will want to buy, own and control their own online identity, that does not need to be tied to a service provider. Also, with a physical U2F device, users will be assured that their online identity is well protected and is not being exposed to malware, which has already happened to software authentication apps. Some service providers will offer financial incentives for users to buy and use a U2F device with their service, but many users will also be willing to pay for it themselves. In partnership with leading password managers, Yubico has already proven that there is a real market demand for a single and secure authentication hardware solution. Also, the millions of end-users who have purchased anti-virus software prove that we are willing to pay to protect ourselves on the Internet.

The U2F and the NEO technology still allow enterprises and organisations to purchase larger volumes of devices and put them in the hands of their users, so you can choose whether to adopt the model where the user acquires and owns the device or the model where the service organisation purchases and deploys the device.

What would happen if a user loses a U2F device?

A user will be able to have multiple and back-up U2F devices enrolled with an account, with the possibility to easily disable a lost device. Similar to other account recovery processes, the service provider may also choose to send “recovery codes” over email or phone as a back-up to the physical device. Ultimately, revocation is something that needs to be resolved by each website that authenticates users because they have the direct relationship with the user. U2F does not solve this problem, but makes it easier to have stronger recovery processes by introducing new authentication factors.

 

Why can’t we use Big Data to fix the authentication problem?

Server side risk evaluation software has its place in services, especially involving high-value transactions. However, easy-to-use strong authentication is critical in striking a balance between ease of use, reducing false positives and eliminating fraud. Computers, phones and networks will never be free from malware, and users will need to move their secure identity between devices and services. The YubiKey NEO with U2F enables true end-point authentication, where we only need to trust a key in our pocket and the services it connects to.

 

What are the main barriers in the broad adoption of YubiKey and U2F?

The inventor of the 3-point seatbelt at Volvo realized that security needs to be really quick, simple and made into an open standard to scale. Online authentication for the masses has the same requirements. A YubiKey with U2F is easier to use and more secure than traditional two-factor solutions, and is being supported and deployed by leading Internet thought leaders, including Google. This is a great start, but just like the seat belt, mass adoption will be derived from more severe accidents, increased concerns about security and privacy, and government and industry regulation.

What is the business incentive for driving a new open authentication initiative?

Yubico recognizes the potential that a higher level of authentication using PKI can offer, designed with better usability and less complexity than solutions available today. We found that Google’s authentication efforts are aligned with these goals. To support a next generation secure Internet, scaling our technology to as many services as possible, our approach is to make U2F a new and truly open standard.

 

How would you make high security transactions with a device you could purchase at your corner store?

For some identities you may choose to be secure and “anonymous”. For services requiring a higher level of identity assurance, you would bring your identity device along with your Passport, driver licence or ID to an official location which would associate your U2F device with your real identity. There are also online services offering identity proofing which could accredit your device.

 

What authentication technology initiative do you see as your biggest competitor?

All initiatives in this space help to educate and challenge the market for something better than the legacy username/password. There will not be one single authentication method and security protocol to rule the world, but the winners will address different needs and be open and interoperable. And Yubico’s focus is to make online authentication as easy and affordable as possible, yet retaining the highest level of security and privacy.

Stina Ehrensvard

Yubico’s Vision for Secure Online Identities

Wired Magazine recently announced that Google is working on a new online authentication protocol as an alternative to legacy username/password login. Yubico and NXP are co-creators of this protocol, designed to be integrated across a wide range of devices, including SIM cards, YubiKey NEOs, or a ring you carry on your finger, and to solve some of the fundamental problems with online identity. And these are problems we need to fix soon. Very soon. Or billions of people, along with the great creation named the Internet, will be in serious trouble.

At this stage we cannot say which route we will choose to ensure mass adoption of this new security protocol. But we can say that Yubico has decided to engage in the project as we believe it could be a game changer.

And this is the vision: 

Imagine that you have one single key and one single password to securely access all your Internet life. 

The key would not be issued, controlled or hosted by a government or a service provider. Instead, you would buy this key at your retail store, such as 7-Eleven or Amazon.com, similar to a gift card or pre-paid phone card.

The key would remain in your own full control, guarding your privacy. And you may even choose to have multiple keys and identities, enabling you to protect your digital identity while remaining anonymous.

From your computer or mobile device, you would be able to instantly, with no required software installed, connect your key to any number of online services. Placed in the USB-port or tapped to your NFC phone/tablet/laptop you would replace all your multiple, long, painful passwords with a simple touch. Combined with a simple PIN or password, you would then securely access your email, bank, healthcare records or any online account.

With built-in support for platforms and browsers, the key would offer superior security, protecting against man-in-the-middle and phishing – but with no drivers or client software needed.

With an open source approach and a clever ecosystem, there would be no fees for service providers, and the costly Certificate Authority model associated with traditional smart cards could be eliminated. But more importantly, there would be no single token or service provider who would control your digital identity or any cryptographic secrets.

Yes, there are a few obstacles to overcome, including aligning influential thought-leaders and global stake holders on the same page. But if enough people want to, it would be possible to create a new, really simple, secure and affordable online identity solution as outlined above.

Bring it out – click – go!

PS. Please find additional comments on this topic in the Future of Authentication FAQ 

Stina Ehrensvard

Special Holiday Offer

It’s time for Yubico’s Special Holiday Offer! The v2.3 firmware has just been released and the Yubico team, with help from Rob, our hard working robot, have put together a Holiday Pack to give you a chance to try it out.

Here’s what you get with a purchase of the Holiday Pack: two black YubiKey Standards and a very special Gold Edition of the YubiKey Nano. Fancy! And yes, all YubiKeys in the Holiday Pack come with v2.3 firmware. You’ll save 35% on the Holiday Pack as compared to buying them separately, not forgetting the special edition of the Nano that’s currently only available with the Holiday Pack.

Click here to order online, but remember that we have limited stocks.

Enjoy the holiday season trying out the new features!

Ronnie Manning

Yubico Launches YubiHSM 2: The World’s Smallest and Best Price/Performance Hardware Security Module, Providing Root of Trust for Servers and Computing Devices

PALO ALTO, CA – October 31, 2017 – Yubico, the leading provider of authentication and encryption hardware devices for the modern web, today launched the YubiHSM 2, a new, cost-effective Hardware Security Module (HSM) for servers and IoT gateways. The product delivers the highest levels of security for cryptographic digital key generation, storage, and management, supporting an extensive range of enterprise environments and applications.

YubiHSM 2, a new, cost-effective Hardware Security Module (HSM) for servers and IoT gateways

The YubiHSM 2 differs from traditional HSM models — historically limited in use by cost, size, and performance — by offering advanced digital key protection capabilities and benefits at a price within reach for all organizations. Delivered in an ultra-slim “nano” form factor, the YubiHSM 2 fits inside a USB port, eliminating the need for bulky additional hardware, and offers flexibility for offline key transfer or backup. 

Essential security features, including hashing, asymmetric, and symmetric cryptography, are supported by the YubiHSM 2 to protect cryptographic keys while at rest or in use. These keys are most often used by certificate authorities, databases, code signing, and more, to secure critical applications, identities, and sensitive data in an enterprise. Furthermore, the integrity and privacy of commands and data in transit between the application and YubiHSM 2 are protected using a mutually authenticated, integrity- and confidentiality-protected tunnel.

“It’s estimated that 95% of all IT breaches happen when a user credential or server gets hacked. For years Yubico has been protecting user accounts from remote hijacking with our unphishable YubiKey authentication devices, but we knew that millions of servers storing sensitive data were still lacking physical security,” said Stina Ehrensvard, CEO and Founder, Yubico. “It was important to us that we brought a solution to market that embodied the signature Yubico standards of high-security, convenience, and affordability. Now, with the addition of YubiHSM 2, we can enable critical server security for organizations worldwide — regardless of size or budget.”

Common use cases for  the YubiHSM 2 include protecting cryptographic keys stored on servers used in data centers, cloud server infrastructures, manufacturing and industrial services. Critical security benefits include:

  • Secure Microsoft’s Active Directory Certificate Services – YubiHSM 2 provides a cost-effective hardware-backed key to secure digital keys used in a Microsoft-based PKI implementation. Deploying YubiHSM 2 to Microsoft Active Directory Certificate services not only guards the CA root keys but also protects all signing and verification services using the root key.
  • Enhance Protection for Cryptographic Keys – YubiHSM 2 offers a compelling option for secure generation, storage and management of digital keys including essential capabilities to generate, write, sign, decrypt, hash and wrap keys.
  • Enable Hardware-Based Cryptographic Operations – YubiHSM 2 can be used as a comprehensive cryptographic toolbox for a wide range of open source and commercial applications. The most common use case being hardware-based digital signature generation and verification. The YubiHSM 2 features can be accessed through Yubico’s Key Storage Provider (KSP) for industry-standard PKCS#11 or Microsoft’s CNG, or via native Windows, Linux and macOS libraries.

Additional features include optional network-sharing, role-based access controls, remote management, M of N wrap key backup and restore, tamper evident audit logging, concurrent connections (up to 16), and extensive cryptographic capabilities (RSA, ECC, ECDSA (ed25519), SHA-2, and AES).

For more information on the YubiHSM 2, visit https://www.yubico.com/products/yubihsm. Units are available for purchase at www.Yubico.com/store for $650 US. To learn more about Yubico and the company’s products and ecosystem, please visit www.Yubico.com.

 

About Yubico
Yubico sets new global standards for simple and secure access to computers, servers, and internet accounts.

The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers.

Yubico is a leading contributor to the FIDO Universal 2nd Factor open authentication standard, and the company’s technology is deployed and loved by 9 of the top 10 internet brands and by millions of users in 160 countries.

Founded in 2007, Yubico is privately held, with offices in Sweden, UK, Germany, USA, Australia, and Singapore. For more information: www.yubico.com

 

Media Contact
Ronnie Manning
Senior Director, Public Relations
Yubico
619.822.2239
ronnie@yubico.com

Ronnie Manning

Yubico Launches the YubiKey 4C Nano, the World’s Smallest USB-C Authentication Device, at Microsoft Ignite

PALO ALTO, CA and ORLANDO, FL – Sept. 25, 2017 – Yubico, the leading provider of authentication and encryption hardware devices for the modern web, today launched the YubiKey 4C Nano, the world’s smallest, multi-protocol USB-C authentication device available. Yubico will demonstrate the new YubiKey USB-C form factor at the Microsoft Ignite conference (booth #2063) in Orlando, Florida on September 25-28, 2017.

YubiKey 4C Nano in USB-C port

YubiKey 4C Nano, the world’s smallest, multi-protocol USB-C authentication device

The YubiKey 4C Nano is an engineering and product design triumph, delivering enterprise-grade authentication functionality within a micro-sized hardware device. Its innovative ultra-slim USB-C form factor (12mm x 10.1mm x 7mm) is designed for use with the latest devices featuring USB-C ports, such as newly designed Mac and PC laptops. To enable the device to sit in the USB-C port as a semi-permanent installation, Yubico engineered a patent-pending connector design, creating the smallest USB-C authentication device on the market.

The YubiKey 4C Nano supports multiple authentication protocols similar to the other keys built on the YubiKey 4 platform, including the YubiKey 4, YubiKey 4 Nano, and YubiKey 4C. With one touch, it performs strong crypto and touch-to-sign, FIDO U2F (Universal 2nd Factor), one-time password (OTP), smart card (PIV), and smart card (OpenPGP).

When Yubico launched the YubiKey 4C keychain design in February 2017, customers demanded an even smaller YubiKey form factor with a USB-C design akin to the YubiKey 4 Nano. The YubiKey 4C Nano answers that demand, providing easy-to-use, strong two-factor authentication for secure, one-touch login.

“As we continue to see an onslaught of hacks and data breaches resulting from weak or stolen login credentials, two-factor authentication with the YubiKey is the easiest and most secure way to protect enterprise and consumer identities, accounts, and data,” said Stina Ehrensvard, CEO and Founder, Yubico. “We designed the YubiKey 4C Nano to be the most powerful USB-C authenticator on the market, built for the future as USB-C ports become more prevalent across mobile and computing devices.”

Requiring only a simple touch to authenticate, the YubiKey 4C Nano secures access to a wide range of enterprise and cloud-based applications, including Windows smart card login and Windows Hello functionality, U2F strong authentication (Facebook, Google, Dropbox, GitHub, Salesforce, etc.), password managers (LastPass, Dashlane, etc.), remote access, VPN, and much more. The YubiKey works on Microsoft Windows, Mac, Linux, and is supported natively in Chrome, Opera and in the pre-beta release of FireFox Nightly, eliminating the need for extra client software or drivers.

The YubiKey 4C Nano is available today at www.Yubico.com/store for $60 US. For more information on Yubico and the company’s products and ecosystem, please visit www.Yubico.com or stop by the Yubico booth #2063 at Microsoft Ignite.

Ronnie Manning

UK Becomes the First Government to Offer Secure Online Identities Based on FIDO U2F Standards

STOCKHOLM & AMSTERDAM, March 23, 2016 – Yubico, the leading provider of simple, open and strong authentication, and Digidentity, a leading identity service provider, today announced a partnership to enable FIDO Universal 2nd Factor (U2F) authentication and YubiKeys for UK government services. The joint solution allows all UK citizens to easily and securely access GOV.UK Verify digital public services.

Compromised online identities have reached a level that has exposed the weaknesses in usernames and passwords as well as traditional software security solutions. Government services around the world have a growing demand for strong two-factor authentication, but traditional hardware technologies have been too costly and complicated to scale for most countries and internet users.

The new open authentication standard FIDO U2F changes that model. Successfully deployed and supported by leading commercial service providers, including Gmail and Dropbox, FIDO U2F is now also supported in UK government services, including for identity assurance.

GOV.UK Verify is a new simple way for UK citizens to access an increasing range of UK government services online. This is the first government service in the world to offer support for simple and strong FIDO U2F authenticators. The service works using a roster of identity providers, who check and confirm a user’s identity before they can access a government service. Digidentity is one of the UK government’s certified identity service providers.

“UK citizens can easily purchase a FIDO U2F device online and register it with Digidentity,” says Marcel Wendt, Digidentity CTO and co-founder. “With a quick online process, the user’s identity is verified and tied to the U2F device, and the data is encrypted to safeguard a user’s privacy. We are pleased to partner with Yubico, a driving contributor of the FIDO U2F standard, to make this happen.”

To authenticate to GOV.UK Verify using Digidentity with FIDO U2F, the user inserts a U2F YubiKey device into their computer’s USB port, and then touches the device. There are no drivers or client software to install. Later this year, U2F authentication via Near Field Communication (NFC) and Bluetooth will be supported by Digidentity for secure login from mobile devices.

“We are impressed with the online identity services that GOV.UK and Digidentity have developed and are now offering to UK citizens,” says Stina Ehrensvard, CEO and founder, Yubico. “We share their mission of making secure online identities easy and available for everyone.”

YubiKeys with FIDO U2F support are available (starting from £13/$18) at Amazon.com or from the Yubico Store. The same U2F key that works with GOV.UK Verify and Digidentity also works for logging in to a growing number of large scale commercial services, without any personal data or encryption secrets shared between service providers.

About Yubico
Yubico sets new world standards for simple, secure login, preventing unauthorized access to computers, servers, and internet accounts.

Supporting multiple authentication and encryption protocols on all devices and platforms, YubiKeys protect access to user accounts for the world’s largest enterprises with a simple touch, and with no driver or client software needed. Yubico is a leading contributor to the FIDO Universal 2nd Factor open authentication standard, and Yubico’s technology is used, and loved, in more than 150 countries.
Founded in 2007, Yubico is privately held with offices in Sweden, US and UK. For more information, please visit www.yubico.com.

About Digidentity
Digidentity makes your online life simpler and safer by enabling secure and verified digital identities for everyone.

To do this, Digidentity developed services focused on a unique digital identity, where the user and their privacy are key. Digidentity is also a supplier of SSL certificates and qualified digital signatures. Digidentity provides national digital identity solutions to the Dutch and British governments, as well as solutions for a large variety of organizations. Providing identities to more than 12 million Europeans, Digidentity executes more than 150 million secure online transactions per year between people, organizations, and governments.

Founded in 2008, Digidentity is privately held in The Netherlands. For more information, please visit www.digidentity.com.

Media Contact
Ronnie Manning
Director, Public Relations
Yubico, Inc.
Ronnie@Yubico.com
1.619.822.2239

Ronnie Manning

YubiKey and U2F at CES ShowStoppers – Yubico Demonstrates Mobile Contactless, Tokenless, and Passwordless Authentication

PALO ALTO, CA, JAN. 6, 2016 – Yubico, the leading provider of simple and open online identity protection, today announced it will be participating at ShowStoppers @ CES (Consumer Electronics Show) 2016.  Yubico will be demonstrating the first FIDO U2F-certified NFC-enabled YubiKey and a preview of a software-based U2F mobile client that brings public-key cryptography to both consumer and enterprise mobile users with a tokenless and passwordless experience.

One Touch, Secure Login with YubiKey at ShowStoppers @ CES

Yubico will be exhibiting at booth B-12 at ShowStoppers on Wednesday, January 6, 2016, 6-10 p.m., at the Wynn Las Vegas.

Hacking, data loss, and identity theft are no longer just a concern to enterprises, but a threat that reaches everyone online. The time is now and the technology is here for consumers to protect themselves beyond just a username and password. Yubico’s YubiKey holds the promise of a more secure online and mobile consumer experience, and a dramatic increase in enterprise security.

The YubiKey NEO is the first device certified for U2F mobile authentication over NFC (Near Field Communication). At ShowStoppers, Yubico will demonstrate how a single YubiKey NEO securely authenticates to both online services via USB and a U2F-supported mobile login, with a simple tap of the YubiKey to an NFC-enabled mobile device.

“2016 is the year when FIDO U2F will unfold its promise of a ‘universal’ second factor,” said Stina Ehrensvard, CEO and Founder, Yubico, Inc. “This year, we expect to see many more large-scale online service providers announce their support for U2F and YubiKeys, targeting both consumers and enterprises.”

Also at ShowStoppers, Yubico is demonstrating a software-based U2F mobile client (iOS/Android) that does not require additional hardware. With the U2F mobile client, second-factor authentication can be a password or the fingerprint used to unlock the phone, enabling the first tokenless and passwordless user experience for FIDO U2F.

While external hardware authenticators without internet connections offer the highest level of identity protection, Yubico’s U2F mobile client provides a heightened level of security compared to a static username and password login. As an example, an online bank that adds support for U2F can allow its mobile users to perform lower-value transactions using the U2F mobile client only, while higher-value transactions would require U2F hardware authentication.

The YubiKey NEO is available today at Amazon.com and the Yubico web store for $50 (single quantity retail price).

Media Contact
Ronnie Manning
Director, Public Relations
619.822.2239
Ronnie@Yubico.com