They won't have to worry about passwords. "Banks and enterprises don't need to push it. It's not owned or controlled by the government, or the bank, or the cloud. Then use it to authenticate without giving away details about your identity. They can buy their secure device many places we are the first, but there will be others. "With U2F, users get control of their identity. "People are more and more aware of privacy issues, in part due to the NSA revelations," said Ehrensvärd. "Yubikey Neo won't be available to the public until later this year," she said, "but several large partners are already using it internally, for their staff. There's also no special reader needed as with a chip and PIN credit card." There's no third-party storage that could be hacked. "The important thing," said Ehrensvärd, "is that the device interacts with each site directly. Enter your PIN if required, touch the device, and it authenticates you.
(Support for iOS is in the works, but Ehrensvärd wasn't free to discuss details). For Android smartphones, it connects via NFC for PCs and Macs, via USB. When you register a Yubikey Neo with a supporting website, it generates a unique public/private key pair. In fact, the company name Yubico comes from the word 'ubiquitous'." "With a U2F device, you can have one device for unlimited services," she said. You could use a phone and have multiple security apps for different services, but phones can be hacked." The probem with existing Yubikeys and other hardware security devices is that you have one device for each service. "The result is FIDO Universal Second Factor, or U2F (Opens in a new window), implemented in our Yubikey Neo device. "We've merged our efforts with FIDO," said Ehrensvärd.
The FIDO (Fast IDentity Online) Alliance (Opens in a new window) includes some huge players, among them Microsoft, Mastercard, PayPal, Bank of America, and many more. "We initiated this project with Google, and it's now being used inside Google." "We wanted to bring smart card authentication technology to the mass consumer market, but removing drivers, middleware…something that has as good security as a smartcard without the complexity," she said. At the RSA Conference in San Francisco, Yubico CEO and Founder Stina Ehrensvärd enthusiastically shared what's coming from Yubico. The company has grown mightily since that time, and will soon offer a unique "universal second factor" authentication technique. Yubico introduced the Yubikey hardware authentication device in 2008, but at the time there wasn't much the average consumer could use it for except logging in to LastPass.
0 kommentar(er)
