YubiKey wants to be like Touch ID for your Internet life

By

YubiKey opens the way to online security. Photo: Jim Merithew/Cult of Mac
YubiKey can make online security easy -- if it gains widespread adoption. Photo: Jim Merithew/Cult of Mac

LAS VEGAS — Nobody wants to get hacked like Jennifer Lawrence’s iCloud account. Everyone, including Apple, is pushing two-factor authentication in the wake of the high-profile hack that exposed dozens of celebrities nude selfies, but verifying an account login with a code sent to your phone is a total pain.

Cult_of_Mac_CES_2015 In the not-so-distant future, we might all be storing two-factor authentication on our keychains.

Yubico is already providing eight out of 10 Silicon Valley companies with a tiny USB dongle called YubiKey that securely verifies an employee’s online identity. You just plug it into a computer and tap it when it’s time to log in. Now that Gmail has started supporting YubiKey on the front end, anyone can use it as the second verification step for getting into their inbox.

In a demo at International CES, Yubico was quick to point out that many big tech companies (Google, Facebook, Microsoft, Dropbox, etc.) supply their employees with YubiKeys to use internally. But that doesn’t mean they’ve been able to offer any value for average users like you and me. That won’t happen till everyone supports Yubico’s open-source security standard, like Google already does with Gmail.

Here’s the scenario: You’re logging in to Dropbox on your Mac with two-factor verification enabled. Instead of Dropbox sending a temporary passcode to your phone as the second step, you pop the YubiKey in and gently tap it. The key supplies a one-time password string that Dropbox verifies and uses to log you in. Easy enough.

The YubiKey is designed to work on any computer, and while it doesn’t have fancy biometric scanning like Touch ID, ubiquity could propel it forward. Or not. Most people don’t worry too much about their passwords until something nasty happens.