sb-eu logo
Story image

Hands-on review: Quick and easy authentication with YubiKeys

12 Dec 2018

Consumers tend to believe that setting up two-factor authentication puts them at the height of cybersecurity best practice – but this belief is misled.

Mobile text-based two-factor authentication is no longer a trustworthy second factor as it isn’t effective against phishing attacks.

Social engineering scams can and do target text messages to route to cybercriminals’ devices, porting the second factor to a mobile device owned by a criminal.

Instead of text-based two-factor authentication, one of the most secure options available to consumers available is a security key like Yubico’s YubiKeys.

YubiKeys uses a hardware chip to provide safe and secure authentication – use of YubiKeys are mandatory for all Google employees.

As someone who has been aware of how easily text-based two-factor authentication can be compromised for a while, I was really excited about the opportunity to review a YubiKey.

What it did well

I decided to use the YubiKey 5C, which is compatible with USB-C ports.

The YubiKey is easy to set up from any web browser, with a start page that links you to setup instructions for several of the most likely services you will probably want to use it on.

I found some services easier to set up than others, with most requiring you to set up a mobile number for two-factor authentication (the exact thing I was trying to avoid) before allowing you to set up the YubiKey and delete my mobile number as a factor.

However, in all cases, the YubiKey was detected and registered by my laptop and the service easily.

Once set up, authentication with the YubiKey involves plugging in the key and touching the gold button on the key.

I liked the simplicity of this one-touch process, and I can see it how it can be adopted easily by even those who don’t consider themselves to be tech-savvy.

I was also surprised to see how wide the variety of platform supporting the YubiKey was, ranging from enterprise platforms like ESET, RSA, and Salesforce, to the opposite end of the spectrum with gaming platforms such as Nintendo and Electronic Arts.

The YubiKey is also made to be highly durable – it’s crush- and water- resistant.

NFC and Passwordless 

The Yubikeys also have a YubiKey 5 NFC version that can be used with NFC-enabled mobile devices.

As an iPhone user, I wasn’t able to test this feature. However, having an NFC-enabled security key brings a new level of convenience to two-factor authentication on mobile devices that don’t need to be tied into SIM cards.

For enterprises whose employees have multiple endpoints, this is a great way to provide passwordless tap-and-go authentication to services such as Microsoft Accounts.

YubiKeys also come in nano versions, with extremely small form factors compatible with USB and USB-C ports. 

Yubico says the nanos are designed to be semi-permanent inside a USB drive or USD-C drive so they don't fall out of machines like laptops, which get moved around a lot.

This correlated with my experience, and I found that the nanos were highly unobtrusive and virtually invisible once plugged into my laptop.  

Yubico's aim with the nanos is to provide a seamless user experience that is easy to use, fast and reliable and is proven to significantly reduce IT costs.

Additionally, the 5C Nano can also work with supported mobile devices via their USB-C ports.

Verdict

Two-factor authentication was meant to make it easier to secure online services, but cybercriminals have found a way around text-based authentication.

YubiKeys offer a highly simple and secure alternative two-factor authentication token that is easy to set up for both consumers and enterprise users.

Story image
Ripple20 threat has potential for 'vast exploitation', ExtraHop researchers find
One in three IT environments are vulnerable to a cyber threat known as Ripple20. This is according to a new report from ExtraHop, a cloud-native network detection and response solutions provider. More
Story image
Acronis announces new security endpoint solution
The solution is an integration of data protection and cybersecurity which provides customers with effective endpoint protection in a landscape where the pointlessness of perimeter security is becoming more pronounced.More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More
Story image
Kaspersky releases new report on consumer’s approach to digital services
COVID-19 related restrictions and the necessity to stay indoors has influenced the way people approach digital services, making them more aware of how securely both they, and their housemates, use the internet.More
Story image
How security awareness training can safeguard companies from cyber-attacks
Training goes a long way in embedding a culture of cybersecurity compliance within the company.More