I am constantly looking for ways that I can remain as secure as possible while online, and YubiKey seems to be a great addition to my security procedures. The one thing that I have been doing is creating secure passwords for all my online identities. I am currently using LastPass to manage my passwords, and it has made my job of managing passwords so much easier.
About a month ago I have also learned about a product that will help make some of my logins even more secure than just a good password – the YubiKey. What is this product, and how does it work? Let me explain.
The Key to Online Authentication
A YubiKey is the core product from a company called Yubico. The YubiKey was invented in 2006 by Stina and Jakob Ehrensvärd. To bring the YubiKey technology to the market, Yubico was then founded in 2007. The company, itself, includes Internet security and sales professionals that have a proven track record.
As for YubiKey, it is a hardware authentication token. It looks like a USB memory stick, but when it is connected to a computer (through a USB port), it is installed as a keyboard.
There is a single button on the YubiKey that when pressed will send a time-sensitive, unique code to an application. Each time the button is pressed, a new code is sent.
The best part about the device is that it requires no software to be installed to function. It can work with pretty much any client application – from web browsers to installed applications – on all platforms. The reason for this is because the YubiKey is installed as a keyboard, so by pressing the button on the YubiKey is just like pressing a button on a keyboard.
How does a YubiKey provide better online security?
Two Factor Authentication With YubiKey
There have been countless stories online about someone’s account being hacked on a website. Many times the hacker has actually used the victim’s user ID and password to login and perform destructive actions. With a YubiKey, it adds another layer of security to a standard user ID and password authentication.
Let’s look at an example using PayPal. PayPal uses an e-mail address and password for login. An e-mail address for someone is easy to find, and if they also use a weak password, then perhaps the brute force method of getting the password will work. If that is the case, then with both the e-mail address and password, someone can get into someone else’s PayPal account. Not good.
To add another layer of protection to your PayPal account, you would first purchase a YubiKey (one-time fee of $25), and then setup your PayPal account to use the YubiKey.
The next time you log into PayPal, you would provide your e-mail address and password as previously. Once you click “Login”, PayPal will then prompt you for your YubiKey unique code. You simply insert your YubiKey into a USB port on your computer, and then press the YubiKey button. The code should then be sent to the PayPal web page, and you should then be able to log into PayPal. This is known as two-factor authentication because there are two things that control the authentication:
- The user ID and password.
- The unique code from the YubiKey.
My YubiKey has made my PayPal login so much more secure.
Where Can You Use YubiKey?
So you may be thinking about investing your hard earned $25 in a YubiKey because it will definitely help keep some of your online accounts secure. The question is where can you use it?
For one, you can use it with your LastPass account, which is the main reason I bought the YubiKey. I figured that LastPass contains the login and passwords for all my online access, so I wanted to ensure that I have a strong authentication process in place.
I have also setup YubiKey with both PayPal and eBay. Each of these sites requests my YubiKey unique code before they log me in. PayPal is the second reason that I own the YubiKey, as most of my online transactions go through them.
A third option that I am just starting to explore is to use YubiKey with my blog. Someone has created a WordPress plugin that allows YubiKey to be used when logging into my blog. This will add the two-factor authentication to my blog, making it much harder to hack into through logging in.
I don’t know all websites that allow the use of YubiKey, but LastPass, PayPal, and eBay alone are a good reason to invest in the YubiKey for extra security.
If would like to increase your online security, then I suggest you look into getting the YubiKey.