Story image

Hands-on review: Quick and easy authentication with YubiKeys

12 Dec 18
Sponsored

Consumers tend to believe that setting up two-factor authentication puts them at the height of cybersecurity best practice – but this belief is misled.

Mobile text-based two-factor authentication is no longer a trustworthy second factor as it isn’t effective against phishing attacks.

Social engineering scams can and do target text messages to route to cybercriminals’ devices, porting the second factor to a mobile device owned by a criminal.

Instead of text-based two-factor authentication, one of the most secure options available to consumers available is a security key like Yubico’s YubiKeys.

YubiKeys uses a hardware chip to provide safe and secure authentication – use of YubiKeys are mandatory for all Google employees.

As someone who has been aware of how easily text-based two-factor authentication can be compromised for a while, I was really excited about the opportunity to review a YubiKey.

What it did well

I decided to use the YubiKey 5C, which is compatible with USB-C ports.

The YubiKey is easy to set up from any web browser, with a start page that links you to setup instructions for several of the most likely services you will probably want to use it on.

I found some services easier to set up than others, with most requiring you to set up a mobile number for two-factor authentication (the exact thing I was trying to avoid) before allowing you to set up the YubiKey and delete my mobile number as a factor.

However, in all cases, the YubiKey was detected and registered by my laptop and the service easily.

Once set up, authentication with the YubiKey involves plugging in the key and touching the gold button on the key.

I liked the simplicity of this one-touch process, and I can see it how it can be adopted easily by even those who don’t consider themselves to be tech-savvy.

I was also surprised to see how wide the variety of platform supporting the YubiKey was, ranging from enterprise platforms like ESET, RSA, and Salesforce, to the opposite end of the spectrum with gaming platforms such as Nintendo and Electronic Arts.

The YubiKey is also made to be highly durable – it’s crush- and water- resistant.

NFC and Passwordless 

The Yubikeys also have a YubiKey 5 NFC version that can be used with NFC-enabled mobile devices.

As an iPhone user, I wasn’t able to test this feature. However, having an NFC-enabled security key brings a new level of convenience to two-factor authentication on mobile devices that don’t need to be tied into SIM cards.

For enterprises whose employees have multiple endpoints, this is a great way to provide passwordless tap-and-go authentication to services such as Microsoft Accounts.

YubiKeys also come in nano versions, with extremely small form factors compatible with USB and USB-C ports. 

Yubico says the nanos are designed to be semi-permanent inside a USB drive or USD-C drive so they don't fall out of machines like laptops, which get moved around a lot.

This correlated with my experience, and I found that the nanos were highly unobtrusive and virtually invisible once plugged into my laptop.  

Yubico's aim with the nanos is to provide a seamless user experience that is easy to use, fast and reliable and is proven to significantly reduce IT costs.

Additionally, the 5C Nano can also work with supported mobile devices via their USB-C ports.

Verdict

Two-factor authentication was meant to make it easier to secure online services, but cybercriminals have found a way around text-based authentication.

YubiKeys offer a highly simple and secure alternative two-factor authentication token that is easy to set up for both consumers and enterprise users.

Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.