LAS VEGAS — Nobody wants to get hacked like Jennifer Lawrence’s iCloud account. Everyone, including Apple, is pushing two-factor authentication in the wake of the high-profile hack that exposed dozens of celebrities nude selfies, but verifying an account login with a code sent to your phone is a total pain.
In the not-so-distant future, we might all be storing two-factor authentication on our keychains.
Yubico is already providing eight out of 10 Silicon Valley companies with a tiny USB dongle called YubiKey that securely verifies an employee’s online identity. You just plug it into a computer and tap it when it’s time to log in. Now that Gmail has started supporting YubiKey on the front end, anyone can use it as the second verification step for getting into their inbox.
In a demo at International CES, Yubico was quick to point out that many big tech companies (Google, Facebook, Microsoft, Dropbox, etc.) supply their employees with YubiKeys to use internally. But that doesn’t mean they’ve been able to offer any value for average users like you and me. That won’t happen till everyone supports Yubico’s open-source security standard, like Google already does with Gmail.
Here’s the scenario: You’re logging in to Dropbox on your Mac with two-factor verification enabled. Instead of Dropbox sending a temporary passcode to your phone as the second step, you pop the YubiKey in and gently tap it. The key supplies a one-time password string that Dropbox verifies and uses to log you in. Easy enough.
The YubiKey is designed to work on any computer, and while it doesn’t have fancy biometric scanning like Touch ID, ubiquity could propel it forward. Or not. Most people don’t worry too much about their passwords until something nasty happens.
Alex Heath is a journalist who works for Tech Insider. He’s the former co-host of The CultCast. He has been quoted by the likes of the BBC, KRON 4 News, and books like “ICONIC: A Photographic Tribute to Apple Innovation.” He lives in Lexington, Kentucky. If you want to pitch a story, share a tip, or just get in touch, additional contact information is available on his personal site. Follow him on Twitter.
4 responses to “YubiKey wants to be like Touch ID for your Internet life”
I have been using a YubiKey for 18 months now with several services, and I personally have the Nano, which I would not recommend from a security standpoint. Specifically its designed to be left in the PC, at which point what is the point of it as 2nd factor for Authentication. I will be replacing it with a larger one at some point to fix this issue and destroying the Nano for security purposes. Just something to consider
Do they really expect a small physical token carried around in a pocket of a person to be very helpful to verify the that person when a mobile device is carried around in his another pocket?
YubiKey is great. Here’s to more services supporting it in the future.
I ordered the Yubikey Neo, it’s pretty much the best of both world’s. It supports both Google and Lastpass, and also has NFC so I can use it to log in to Lastpass on my phone.