Story image

Hands-on review: Quick and easy authentication with YubiKeys

12 Dec 18
Sponsored

Consumers tend to believe that setting up two-factor authentication puts them at the height of cybersecurity best practice – but this belief is misled.

Mobile text-based two-factor authentication is no longer a trustworthy second factor as it isn’t effective against phishing attacks.

Social engineering scams can and do target text messages to route to cybercriminals’ devices, porting the second factor to a mobile device owned by a criminal.

Instead of text-based two-factor authentication, one of the most secure options available to consumers available is a security key like Yubico’s YubiKeys.

YubiKeys uses a hardware chip to provide safe and secure authentication – use of YubiKeys are mandatory for all Google employees.

As someone who has been aware of how easily text-based two-factor authentication can be compromised for a while, I was really excited about the opportunity to review a YubiKey.

What it did well

I decided to use the YubiKey 5C, which is compatible with USB-C ports.

The YubiKey is easy to set up from any web browser, with a start page that links you to setup instructions for several of the most likely services you will probably want to use it on.

I found some services easier to set up than others, with most requiring you to set up a mobile number for two-factor authentication (the exact thing I was trying to avoid) before allowing you to set up the YubiKey and delete my mobile number as a factor.

However, in all cases, the YubiKey was detected and registered by my laptop and the service easily.

Once set up, authentication with the YubiKey involves plugging in the key and touching the gold button on the key.

I liked the simplicity of this one-touch process, and I can see it how it can be adopted easily by even those who don’t consider themselves to be tech-savvy.

I was also surprised to see how wide the variety of platform supporting the YubiKey was, ranging from enterprise platforms like ESET, RSA, and Salesforce, to the opposite end of the spectrum with gaming platforms such as Nintendo and Electronic Arts.

The YubiKey is also made to be highly durable – it’s crush- and water- resistant.

NFC and Passwordless 

The Yubikeys also have a YubiKey 5 NFC version that can be used with NFC-enabled mobile devices.

As an iPhone user, I wasn’t able to test this feature. However, having an NFC-enabled security key brings a new level of convenience to two-factor authentication on mobile devices that don’t need to be tied into SIM cards.

For enterprises whose employees have multiple endpoints, this is a great way to provide passwordless tap-and-go authentication to services such as Microsoft Accounts.

YubiKeys also come in nano versions, with extremely small form factors compatible with USB and USB-C ports. 

Yubico says the nanos are designed to be semi-permanent inside a USB drive or USD-C drive so they don't fall out of machines like laptops, which get moved around a lot.

This correlated with my experience, and I found that the nanos were highly unobtrusive and virtually invisible once plugged into my laptop.  

Yubico's aim with the nanos is to provide a seamless user experience that is easy to use, fast and reliable and is proven to significantly reduce IT costs.

Additionally, the 5C Nano can also work with supported mobile devices via their USB-C ports.

Verdict

Two-factor authentication was meant to make it easier to secure online services, but cybercriminals have found a way around text-based authentication.

YubiKeys offer a highly simple and secure alternative two-factor authentication token that is easy to set up for both consumers and enterprise users.

Fujitsu takes conservation prize for immersion cooling system
The prize was awarded for the Fujitsu Server PRIMERGY Immersion Cooling System that can reduce power consumption by up to 40%.
Why it’s critical to deploy emerging technologies in ways that will benefit society
“Technologies like 5G, quantum computing, artificial intelligence and biometrics are individually disruptive, but collectively they will completely rewrite global trust models."
Why 37% of enterprises believe in artificial intelligence
The number of enterprises implementing artificial intelligence grew 270% in the past four years and tripled in the past year, according to Gartner.
NetFoundry signs new partner to implement cloud solutions
NetFoundry AppWANs can supposedly facilitate enterprise application deployment and operations, such as SAP on Azure.
Common missteps on the path to enterprise mobility
Many organisations don’t think broadly enough when it comes to mobilising staff and workflows, focusing instead on only the most obvious users and needs.
Expert comment: Google fined US$57mil for GDPR breaches
The committee examining the breaches found two types of breaches of the GDPR.
McAfee customer choice for Cloud Access Security
“This is the second time that McAfee has been named... and we believe this demonstrates our ability to stay ahead of the pack.”
What it takes to be a successful leader during the ‘fourth industrial revolution’
"Leaders are more realistic about what it will take to succeed, and they appear particularly focused on societal impact and workforce development as two critical components of their future success."