Security – we know we need it, but sometimes it’s just too hard. In the ever-escalating war between technology vendors and bad actors, the playing field is skewed because the most secure approaches are often the most difficult to use. After all, ultra-secure approaches towards technology exist, but sometimes the burden they put upon users is just too great. Two Factor Authentication is a good example of this – having to rely on an authentication application on a mobile device, or receiving SMS messages increases the user burden and, counter-productively often results in lower levels of security.
This is the problem set that Yubico thinks about every day. The company has singular vision – to set a new standard for security which is both simple, and strong. Yubico’s core product is the YubiKey, a hardware device that delivers protection via a physical device. The YubiKey acts as a second-factor device, providing an easy way to adhere to 2FA best practice.
Yubico is also a contributor to the FIDO Universal 2nd Factor open authentication standard, and the company’s technology is deployed by nine of the top 10 internet brands including Facebook and Google.
Getting smaller and smaller
I’ve used a YubiKey a bit but have always found that the device, which is configured as a USB dongle, is just a little bit big for my liking. It makes getting a laptop in and out of a bag a two-step process – take out the USB key and then put the laptop in the bag. Add to that the fact that my laptop of choice (which, as an aside, is the gorgeous Dell XPS) only comes with the new USB-C ports, and you had a bit of a barrier.
So I was interested to hear that Yubico has just introduced the YubiKey 4C Nano, the world’s smallest, multi-protocol USB-C authentication device. The YubiKey 4C Nano is something of an engineering and product design triumph. it really is tiny (12mm x 10.1mm x 7mm), and despite its size, still ticks the second-factor boxes. The new device is designed for a semi-permanent installation.
The YubiKey 4C Nano supports multiple authentication protocols similar to the other keys built on the YubiKey 4 platform. With a single touch, it performs strong crypto and touch-to-sign, FIDO U2F (Universal 2nd Factor), one-time password (OTP), smart card (PIV), and smart card (OpenPGP).
Broad support
The main thing with device-based 2FA solutions is that they need to support the widest range of services. Yubico’s range is pretty broad and includes Windows smart card login and Windows Hello functionality, U2F strong authentication (Facebook, Google, Dropbox, GitHub, Salesforce, etc.), password managers (LastPass, Dashlane, etc.), remote access, and VPN. In terms of devices platforms supported, the YubiKey works on Microsoft Windows, Mac, Linux, and is supported natively in Chrome, Opera and in the pre-beta release of FireFox Nightly.
Next steps
Now that Yubico has a broad range of devices, its next priorities are broadening the protocol and platform support. The upcoming FIDO2 and WebAuthn standards will expand the capabilities. In addition to that, Yubico is finalizing its second-generation YubiHSM product, which extends the reach of the YubiKey to the backend of the authentication and encryption ecosystem, bringing cryptography for servers to the masses.
MyPOV
I was lucky enough to pick up a trial device the day they came out. The device hasn’t left my laptop since I got it and, simply enough, does what it says it will. I have an on-again, off-again history with 2FA, sometimes finding it a little bit of a hassle and hence turning it off – the new YubiKey is going to make it more likely that I stick to better security practices in the future.
