itb-nz logo
Story image

Hands-on review: Quick and easy authentication with YubiKeys

12 Dec 2018

Consumers tend to believe that setting up two-factor authentication puts them at the height of cybersecurity best practice – but this belief is misled.

Mobile text-based two-factor authentication is no longer a trustworthy second factor as it isn’t effective against phishing attacks.

Social engineering scams can and do target text messages to route to cybercriminals’ devices, porting the second factor to a mobile device owned by a criminal.

Instead of text-based two-factor authentication, one of the most secure options available to consumers available is a security key like Yubico’s YubiKeys.

YubiKeys uses a hardware chip to provide safe and secure authentication – use of YubiKeys are mandatory for all Google employees.

As someone who has been aware of how easily text-based two-factor authentication can be compromised for a while, I was really excited about the opportunity to review a YubiKey.

What it did well

I decided to use the YubiKey 5C, which is compatible with USB-C ports.

The YubiKey is easy to set up from any web browser, with a start page that links you to setup instructions for several of the most likely services you will probably want to use it on.

I found some services easier to set up than others, with most requiring you to set up a mobile number for two-factor authentication (the exact thing I was trying to avoid) before allowing you to set up the YubiKey and delete my mobile number as a factor.

However, in all cases, the YubiKey was detected and registered by my laptop and the service easily.

Once set up, authentication with the YubiKey involves plugging in the key and touching the gold button on the key.

I liked the simplicity of this one-touch process, and I can see it how it can be adopted easily by even those who don’t consider themselves to be tech-savvy.

I was also surprised to see how wide the variety of platform supporting the YubiKey was, ranging from enterprise platforms like ESET, RSA, and Salesforce, to the opposite end of the spectrum with gaming platforms such as Nintendo and Electronic Arts.

The YubiKey is also made to be highly durable – it’s crush- and water- resistant.

NFC and Passwordless 

The Yubikeys also have a YubiKey 5 NFC version that can be used with NFC-enabled mobile devices.

As an iPhone user, I wasn’t able to test this feature. However, having an NFC-enabled security key brings a new level of convenience to two-factor authentication on mobile devices that don’t need to be tied into SIM cards.

For enterprises whose employees have multiple endpoints, this is a great way to provide passwordless tap-and-go authentication to services such as Microsoft Accounts.

YubiKeys also come in nano versions, with extremely small form factors compatible with USB and USB-C ports. 

Yubico says the nanos are designed to be semi-permanent inside a USB drive or USD-C drive so they don't fall out of machines like laptops, which get moved around a lot.

This correlated with my experience, and I found that the nanos were highly unobtrusive and virtually invisible once plugged into my laptop.  

Yubico's aim with the nanos is to provide a seamless user experience that is easy to use, fast and reliable and is proven to significantly reduce IT costs.

Additionally, the 5C Nano can also work with supported mobile devices via their USB-C ports.

Verdict

Two-factor authentication was meant to make it easier to secure online services, but cybercriminals have found a way around text-based authentication.

YubiKeys offer a highly simple and secure alternative two-factor authentication token that is easy to set up for both consumers and enterprise users.

Download image
Strengthen the weakest link in your security chain
Globalisation. Remote working. High-turnover workforces. These factors and more add up to make increasingly dynamic workforces - and without proper management, your business could fall behind.More
Story image
Fortinet: Distributed networks driving enterprises towards consistent security
Jon McGettigan, Fortinet A/NZ Regional Director, explains how consistent security services can protect and help manage distributed networks.More
Story image
Wrike rolls out user experience features and brand refresh focused on digital work
To empower organisations move forward in digital transformation strategies, the Reimagined Wrike launch offers two fundamental changes: user experience and updated brand identity.More
Story image
Spark boosts rural wireless broadband capacity to meet COVID-19 demand
Spark has boosted its rural wireless broadband capacity in a bid to meet demand following the COVID-19 lockdown.More
Link image
APAC CFOs share their secrets to customer experience success
We've collected the most common FAQs from CFOs in the Australia-Pacific region (along with client examples) to empower you with a return on investment model that will highlight the true impact of experience management.More
Story image
Why retailers need to accelerate ecommerce and real time data capabilities to remain relevant in the ‘new normal’
The retail companies that will be most successful are those that can most effectively harness the data generated to refine and adapt their data and analytics strategy quickly.More