Thursday, 19 February 2015

[Review] Yubikey.Unlocking your the future.


The Dilemma:
Increasing numbers in identity theft and online frauds are no longer breaking news, it's a part of the everyday news all over the world unfortunately.
Securing your own private data , your small business economic or securing access to your enterprise network is a challenge for humanity one might say without overstating anything.
Password managers, certificates and SSL secured communications are really becoming a de-facto part of every kind of infrastructure these days, even in the privacy of your own domain.

The Solution?
There are many answers to this dilemma. One of these solutions could be the Yubikey.
FIDO U2F Security Key and YubiKey NEO

So what does these Yubikeys do ?
Yubikey provides One Time Passwords that are unique, non-replicable for webservices , computer logons, disk encryption, applications just to mention a few.
Additionaly , Google unveiled support for Fido UF2 Security Key Support in 2014.
So Yubikey can be used to keep your Gmail account secure with the 2-way authentication support and your Google Apps can also be secured the same way.

Now, what is this One Time Password - sorcery we are talking about ?
Simply put,quoting Yubico's own phrasing:

"The YubiKey is a second authentication method based on a unique physical token which cannot be duplicated or recorded, providing a credential based on something only an authorized user possesses. Used with a standard username and password, the YubiKey provides a strong, two-factor authentication to any site, service or application."

Passwords generated by the Yubikey are unique, never the same thanks to the 44-character, one use, secure, 128-bit encrypted Public ID and Password generated each time it's used.
Near impossible to spoof.
For a more detailed description of OTP, head over to this excellent post.

There you have it, but that's just the beginning really.
Behind that sleek look of the outer design lies functionality  making the  Yubikey quite unique.
To begin with , there is no battery ,which means no need to worry about power.
No moving parts at all actually.
Drivers for installing the device ?
Not needed since the Yubikey emulates a standard keyboard once plugged in to a USB port of your Windows based PC, Linux powered geek-station or your Macbook.
No platforms forgotten here !
And there is more, NFC for those who need it which expands the platform range into Android devices as well. 


We have only scratched the surface of the universe of Yubikey, and it goes without saying we will see more of Yubico as a company in the future and Androidistica is looking forward to it.

Yubico has been around since 2007, working on making authentication more secure and they have not forgotten the open source part of life, on the contrary.
At Yubico Developers you get a all that's needed for a good start if you are about to start developing your own personalised solutions for secure access with Yubikeys.

Yubico is truly a pioneer company supporting the UF2 Security standard and being able to bring this into Google domains, including Google Chrome is a good pointer of Yubico being on the right track.

Stina Ehrensvard summarizes it good in her post :
"Now is the time to reclaim the Internet. To all of us who own it and to all of us who are constantly re-creating it: Let’s not let the fraudsters limit the potential of what the Internet is and can be!"
Stina Ehrensvard, CEO and Founder