TheFIDOAllianceaims to provide a
solution to theworld’s password problems
Secureanything withaUSB stickCOVER
FEATURE27 Nov-10Dec 2019 41–thebeautyofaYubiKeyisthatyou
don’thavetoworryabouttypinginany
codestoconfirmyouridentity,and
there’snopersonalinformation
associatedwiththekeyitself.
Additionally,aYubiKeycanprotect
youfromallmannerofthreatsincluding
phishingscams,sessionhijackingand
man-in-the-middleandmalware
attacks.Phishingscams–whereusers
areunwittinglytrickedintologginginto
afakeversion of awebsite,usually by
clicking alinkinaconvincinglooking
email–are very commonthese days,
butare easilydefeated with aYubiKey.
No matter howconvincingthe fake site
looks, onlythe real site canbe
authenticatedusing your key.
There’snolimit on thenumberof
accounts youcan useyourYubiKeywith
–for insta nce, if youhave morethan one
Gmailaccount, youcan usethe same
key on al loft hem.HOWDOIUSEAYUBIKEY?
Differen ttypes of YubiKeyworkin
differen tways. If youhave aUSB-A
model,you plugit into aspare USBport
in your PC or laptop. Ifyouhave a
USB-Ckey,then youplug this into theYOUR YUBIKEYQUESTIONSANSWEREDUSB-Cportonacomputeroramobile
phone(ifitsupportsthenewUSB
standard).TheYubiKey5Ci,whichhas
bothUSB-CandLightningconnectors,
canbepluggedintoacomputer,mobile
phonewithaUSB-Cport,oriPhoneor
iPad.Ifyouhaveakeythatsupports
NFC,youjusttapthisonacompatible
Androidphone.Somekeysaredesigned
tobecarriedwithyou(theyallhave
aholeatoneendforattachingthem
to akeyring)and used as needed,while
othersare intendedtostayplugged
in at alltimes.
Once youhave your key,you simply
needto enableitonall of thesites you
want to useitwith.We’ll explai nthe
proc ess forthisalittlelater but,
essentially, youjust find theoptionfor
addingakey under thetwo-step
verification onasite(usually under
Settings,but youmay need to hunt
around). If youcan’t fi nd this option,
checkonthe YubiKeysitetomakesure
theservice youwanttoadd akey to
is su pported.
Youdon’t need to have your YubiKey
with youatall timestoaccess asite.
During setup, you’ll be giventhe option
to have thesiterememberthecomputerWHATISAYUBIKEY?
YubiKeyisaphysicalsecuritykeythat
lookssimilartoaflatUSBflashdrive.
Itenablesstrongtwo-factorand
password-freeauthentication,
preventingattackersfromgaining
accesstoyouronlineaccounts.
MadebySwedish-Americancompany
Yubico(www.yubico.com),theproduct
wasinventedbyhusband-and-wife
teamStinaandJakobEhrensvärd
(nowYubico’sCEO andCTO
respectively)in2 008 .Theoriginof
itsunusualnameistheJapaneseword
forfinger(yubi)butit’salsoshortfor
“yourubiquitouskey”.
WorkingcloselywithGoogleand
Microsoft,Yubicohelpedcreatethe
FIDO(FastIdentityOnline)Universal
2ndFactor(U2F)andFIDO2open
authenticationstandards(fidoalliance
.org).Theseallowyoutosecurely
accessmultipleinternetserviceswith
asinglesecuritykey,andwithoutthe
needforspecialdriversorsoftware.
Thereareanumberofdifferent
YubiKeysavailable,offeringavarietyof
features,althoughtheyallessentially
workinthesameway.Oncesetup,you
usethemasasecondlineofsecurity
alongsideyourexistingpassword.
WHYDOINEEDAYUBIKEY?
Hardlyadaygoesbywhenwedon’t
hearofanotherdatabreachinwhich
userlogindetailshavebeenstolenor
leaked.AccordingtotheFIDOAlliance,
webusershaveonaveragemorethan
90 onlineaccounts(althoughmany
probablyaren’tinactiveuse)andreuse
upto51%oftheirpasswords.Thatlast
statisticisaconcernbecausepasswords
aretherootcauseofover80%ofdata
breaches.
IfyouuseaYubiKeytoprotectyour
logins, no onecan access your account
–evenift heyhave your username and
password.While thereare other
two-factorauthentication methodsout
there–using your phoneasasecond
loginmethod beingthe most popular
The origin ofits unusualname is the Japaneseword for
finger (yubi)but it’s also shortfor “your ubiquitouskey”