YubiKey: No more authentication problems with a simple security solution

Unforgettable access protection instead of stolen passwords

Who doesn’t find it a nuisance to protect access to online accounts effectively? Almost every professional and private user faces this challenge today. Whatever traditional password strategy is followed, it remains nerve-wracking and risky, because the choice essentially comes down to (too) simple passwords on the one hand, or complex passwords on the other that are easily forgotten or become a risk when reused across accounts. In addition, stolen credentials are a major security concern for organizations.

According to Yubico, on average less than 10% of security budgets are spent on preventing credential leaks, even though stolen credentials play a part in more than 80% of all security breaches. As the IDG study “Cyber Security 2020” shows, end device security is one of the greatest security tasks for the C-level decision-makers surveyed today. End devices are of crucial importance, both in the frequently used home office and as the gateway to cloud services.

More and more professional and private users have recognized that a secure authentication solution is required, and many are already using one: hardware-based keys that offer significantly higher protection than passwords. These USB/NFC security keys – such as the YubiKeys from Yubico – provide a higher level of security. They are always with the user, in or on the device, and act as a high hurdle in the authentication process that is almost impossible to circumvent. Among other things, they protect against phishing and MITM (man-in-the-middle) attacks, in which OTPs (one-time passwords), for example, could otherwise be intercepted.

The 5 Series YubiKeys

This guide explains the different authentication options, what to consider when using hardware-based keys, why the YubiKey is the market leader, how the different models differ, and why the investment is worthwhile.

Authentication the traditional way

If you do a lot online, you can easily accumulate a number of online accounts, plus just as many customer accounts in online shops. So far, this large number of logins has been secured with user names – e-mail addresses or, better, alphanumeric placeholders – protected by passwords that are as complex and as different from one another as possible.

To prevent all user accounts from being hijacked if a password is stolen together with a user name or e-mail address, software providers recommend that their users choose more complex, longer and, above all, different – ideally unique – passwords for each account. Google, for example, regularly and automatically checks for passwords that are reused across (too many) other accounts, provided the Google account has been authorized to save and retrieve them. Unsurprisingly, the search engine provider frequently finds duplicate passwords and warns the user of the insufficient security when the same password is assigned again.

Additional security via OTPs is common today, sent by the respective account provider by e-mail or online/by SMS to the smartphone. The resulting countless user names and, above all, passwords must of course all be remembered or written down and found again. This entails a huge organizational and time effort.

Authentication with security keys is future-proof

Hardware security keys offer an alternative. There are three types of authentication:

  • 1FA or one-factor authentication: The hardware key alone protects access.
  • The 2FA or two-factor authentication: The hardware key is supplemented with a password, so that thanks to the hardware the entire protection no longer depends on the password alone. Reusing a password is therefore easier to justify. This speeds up and simplifies handling.
  • The MFA or multi-factor authentication: The hardware key combined with a PIN or – better – with a biometric identifier (e.g. fingerprint or face recognition) ensures the greatest possible protection.
Different options for authentication with FIDO2 (Source: Yubico)

For the whole thing to work at all, the user must register the (new or replacement) security key with each platform and online account that is to receive this access protection. Of course, it only works if both the software involved (browser, etc.) and the account provider support at least one of the standards and protocols used by the key. The most important of these are FIDO U2F and FIDO2. Unfortunately, not all platforms, shop operators and other providers are prepared for this. Users would certainly welcome more enthusiasm for adoption from providers such as German banks.

Advantages of authentication with a hardware token

  • With the FIDO key, working regularly on third-party devices is no problem.
  • The login processes are significantly faster and easier, giving the user a higher level of comfort.
  • Virtually no opportunities for manipulation, and protection against phishing.
  • The user is better protected and also feels safer thanks to the higher level of security.

Here’s what to consider

  • The key must always be with you.
  • The key must not be lost; if it is, the key can be blocked.
  • At least one replacement key (or a replacement method) is therefore absolutely necessary and must also be registered with all accounts and platforms so that you are not locked out if the first key is lost.
  • First of all, all affected accounts must be re-registered with the token.
  • Investments and expenses arise before, and regardless of, any case of damage.

It becomes clear that the focus must be on the advantages of the hardware keys in order to accept the associated effort. This is the case in all security-related areas.

The security token YubiKey from Yubico

Not least as a result of the FIDO2 and FIDO U2F standards, which Yubico helped to initiate and advance, the manufacturer finds itself in the favorable position of being the market leader for authentication keys. The company, which is now based in Silicon Valley, launched its first security key back in 2008. The first key based on the FIDO protocol followed in 2014. The range now includes a number of models with different performance levels based on the FIDO2 standard and other protocols. The current keys are those of Series 5 (since 2019).

The first users of the YubiKey understandably came from particularly security-sensitive areas such as research, IT and media, both within large corporate structures and from SMEs. Password security and simple usability are naturally very important to the users there. Management attaches particular importance to problem-free use by all employees and easy scalability for many users. In the meantime, the YubiKey has found its way into all areas where sensitive data and access are involved – from institutions to industry to the private sector.

The features that distinguish the YubiKey and with which it was able to establish itself on the market can be summarized as follows:

  • Most protocols and standards are covered.
  • Account takeovers are effectively prevented.
  • YubiKeys enable user-friendly passwordless access.
  • Unlike other 2FA solutions, YubiKeys do not store any data and do not require a network connection.
  • They are modernizing multifactor authentication.

What do the Series 5 YubiKeys do?

Depending on the product version, Series 5 keys have different interfaces for communication. These include USB-A, USB-C and Lightning. Some YubiKeys also offer NFC and can therefore also be used contactlessly, for example on a smartphone or with a suitable NFC reader. All keys are:

  • SIMPLE – effective way to protect against account takeover
  • EASY – intuitive user experience and quick to install, deploy and use
  • SCALABLE – tailored to all types and sizes of businesses
  • EFFICIENT – Reduces support requests for password reset or account unlocking
  • PORTABLE – always at hand on the key ring

They support the most important web services as well as various protocols and thus form a bridge between traditional and modern authentication methods and systems.

Various functions can be covered with a YubiKey: from secure login to e-mail accounts, online services or apps to computers and physical rooms (Source: Yubico)

With strong two-factor, multi-factor and passwordless authentication, as well as seamless touch-to-sign, the hardware-based keys cover a wide range of formats and allow users to secure their accounts on all their devices. These widely used protocols are supported:

  • FIDO2
  • FIDO U2F
  • Smart card (PIV)
  • OATH (TOTP/HOTP)
  • YubiOTP
  • OpenPGP
  • Challenge Response
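To make the OATH (TOTP/HOTP) entry concrete: a YubiKey computes these codes on the token itself, so the HMAC secret never reaches the host. The following is an added example, not Yubico code, that implements HOTP (RFC 4226) and TOTP (RFC 6238) on the host side together with the server-side verification a relying party performs. The secret is the constructed test vector from the RFCs, not a real key. It also shows two details the protocol list leaves implicit: the server must move its HOTP counter forward after each accepted code so a captured code cannot be replayed, and a TOTP check tolerates a small clock drift. An OTP is still just a short string that a user can be tricked into typing on a phishing page, which is the gap that the FIDO protocols listed above close by binding the login to the genuine site.

```python
import hmac
import hashlib
import struct
import time

# Constructed example secret: the ASCII test vector from RFC 4226 / RFC 6238.
# On a YubiKey this secret never leaves the token; the host only sees codes.
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, algo).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, digits: int = 6, period: int = 30,
         algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP where the counter is the number of elapsed time steps."""
    return hotp(secret, unix_time // period, digits, algo)


def verify_hotp(secret: bytes, code: str, server_counter: int, look_ahead: int = 10):
    """Server-side HOTP check with a resync window (RFC 4226 section 7.4).

    Returns the new counter value the server must store on success, or None.
    Only counters at or beyond the stored one are tried, so a previously used
    (or intercepted) code is rejected as a replay."""
    for i in range(look_ahead + 1):
        candidate = server_counter + i
        if hmac.compare_digest(hotp(secret, candidate, len(code)), code):
            return candidate + 1
    return None


def verify_totp(secret: bytes, code: str, unix_time: int, period: int = 30,
                drift: int = 1) -> bool:
    """Accept the code for the current step plus/minus `drift` steps of clock skew."""
    for step in range(-drift, drift + 1):
        t = unix_time + step * period
        if hmac.compare_digest(totp(secret, t, len(code), period), code):
            return True
    return False


if __name__ == "__main__":
    print("HOTP counter 0:", hotp(TEST_SECRET, 0))           # RFC 4226 vector: 755224
    print("TOTP at t=59 :", totp(TEST_SECRET, 59, digits=8))  # RFC 6238 vector: 94287082
    print("TOTP now     :", totp(TEST_SECRET, int(time.time())))
```

The `verify_hotp` return value is the counter to persist; a server that forgets to store it reopens the replay window the function is meant to close.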

The top three Reichelt YubiKeys at a glance

In addition to the properties shared by all Series 5 keys described above, the popular YubiKeys differ as follows:

1. YubiKey 5 NFC

  • Fits in the standard USB-A interface
  • Offers tap-and-go authentication with NFC readers for PCs and smartphones. For contactless activation, the YubiKey is simply held up to the NFC reader.
  • IP68 certified: dustproof and submersible (clear water)

2. YubiKey 5C NFC

  • Fits in the standard USB-C interface
  • Offers tap-and-go authentication like the 5 NFC
  • IP68 certified like the 5 NFC

3. YubiKey 5C

  • Simply plug into the USB-C interface and tap the gold contact (no NFC).


An investment that pays off

Return-on-investment aspects are often decisive at the decision-maker level. This is where the YubiKey scores with its user self-service: deployment, registration and account recovery are fairly easy to roll out and manage. In addition, the key is particularly robust and durable because it is solid and has no batteries, screens or moving parts. This keeps costs low, as little support, few failures and few replacements are needed.

The chart illustrates how quickly Google was able to reduce password-related support incidents after moving from OTP to YubiKey (Source: Yubico)

If the combination with passwords is dropped, a significant reduction in support requests can be expected. Since password-related requests such as password resets account for between 30% and 60% of support requests in companies, this means enormous savings potential. When all 85,000 employees at Google were provided with a security key, support requests dropped by 92%, and since then not a single employee account has been compromised. Since 2012, Google has deployed more than 190,000 YubiKeys.

Getting started

Overall, Yubico’s products offer an extremely secure, user-friendly and scalable authentication solution that supports all operating systems and mobile platforms and can already be used with the most widely used applications today. It is then only up to the user to choose the right YubiKey from the extensive product family and to add or set up additional software if necessary. YubiKey Manager is provided by Yubico; the tool is needed to set up the FIDO2, OTP and PIV functionality of the YubiKey on Windows, macOS and Linux. KeePass, a free, open-source password manager, supports the YubiKey’s strong, hardware-based two-factor authentication.

And finally, a look into the future: Yubico has already announced a new product, the YubiKey Bio. This is a hardware authenticator with fingerprint recognition that enables both PIN-based and biometric login.

Images: Yubico Inc.
