Sep
24
2018
--

Yubico’s new security keys now support FIDO2

Yubico, the company behind the popular Yubikey security keys, today announced the launch of its 5 Series keys. The company argues that these new keys, which start at $45, are the first multi-protocol securities keys that support the FIDO2 standard. With this, Yubico argues, the company will be able to replace password-based authentication, which is often a hassle and unsecure, with stronger hardware-based authentication.

“Innovation is core to all we do, from the launch of the original YubiKey ten years ago, to the concept of one authentication device across multiple services, and today as we are accelerating into the passwordless era,” said Stina Ehrensvard, the CEO and founder of Yubico in today’s announcement. “The YubiKey 5 Series can deliver single-factor, two-factor, or multi-factor secure login, supporting many different uses cases on different platforms for different verticals with a variety of authentication scenarios.”

The company made the announcement ahead of Microsoft’s Ignite conference this week, where Microsoft, too, is expected to make a number of security announcements around the future of passwords.

“Passwordless login brings a monumental change to how business users and consumers will securely log in to applications and services,” said Alex Simons, the corporate vice president of Microsoft’s Identity Division. “With FIDO2, Microsoft is working to remove the dependency on password-based logins, with support from devices like the YubiKey 5.”

For the most part, the new keys looks very much like the existing ones, but new to the series is the YubiKey 5 NFC, which combines supports all of the major security protocols over both USB and NFC — and the addition of NFC makes it a better option for those who want to use the same key on they desktops, laptops and mobile phones or tablets.

Supported protocols, in addition to FIDO2, include FIDO U2F, smart card (PIV), Yubico OTP, OpenPGP, OATH-TOTP, OATH-HOTP, and Challenge-Response.

The new keys will come in all of the standard Yubico form factors, including the large USB-A key with NFC support, as well as smaller versions and those for USB-C devices.

In its press release, Yubico stresses that its keys are manufactured and programmed in the USA and Sweden. The fact that it’s saying that is no accident, given that Google recently launched its own take on security keys (after years of recommending Yubikeys). Google’s keys, however, are being built by a Chinese company and while Google is building its own firmware for them, there are plenty of sceptics out there who aren’t exactly waiting for a key that was manufactured in China.

Jul
25
2018
--

Google takes on Yubico and builds its own hardware security keys

Google today announced it is launching its own hardware security keys for two-factor authentication. These so-called Titan Security Keys will go up against similar keys from companies like Yubico, which Google has long championed as the de facto standard for hardware-based two-factor authentication for Gmail and other services.

The FIDO-compatible Titan keys will come in two versions. One with Bluetooth support for mobile devices and one that plugs directly into your computer’s USB port. In terms of looks and functionality, those keys look quite a lot like the existing keys from Yubico, though our understanding is that these are Google’s own designs.

Unsurprisingly, the folks over at Yubico got wind of today’s announcement ahead of time and have already posted a reaction to today’s news (and the company is exhibiting at Google Cloud Next, too, which may be a bit awkward after today’s announcement).

“Yubico strongly believes there are security and privacy benefits for our customers, by manufacturing and programming our products in USA and Sweden,” Yubico founder and CEO Stina Ehrensvard writes, and goes on to throw a bit of shade on Google’s decision to support Bluetooth. “Google’s offering includes a Bluetooth (BLE) capable key. While Yubico previously initiated development of a BLE security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability. BLE does not provide the security assurance levels of NFC and USB, and requires batteries and pairing that offer a poor user experience.”

It’s unclear who is manufacturing the Titan keys for Google (the company spokesperson didn’t know when asked during the press conference), but the company says that it developed its own firmware for the keys. And while Google is obviously using the same Titan brand it uses for the custom chips that protect the servers that make up its cloud, it’s also unclear if there is any relation between those.

No word on pricing yet, but the keys are now available to Google Cloud customers and will be available for purchase for anyone in the Google Store, soon. Comparable keys tend to sell for around $20 to $25.

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com