There is no denying that we need to be more careful than ever before when it comes to protecting our online identity. Weak passwords are one of the main causes of information being stolen. In fact, according to a recent Verizon Data Breach Investigations Report, 81 percent of hacking-related breaches happen because of weak and/or stolen passwords. Luckily, there is a solution to this, and this is the YubiKey. Read on to discover everything you need to know about it.
How are passwords stolen?
Let’s begin by understanding how passwords are stolen. There are a number of different ways that this can happen, so let’s take a look at the most common.
- Guessing. A lot of passwords are simply figured out through the art of guessing. It is of no surprise when you consider the fact that so many people have obvious passwords such as “letmein” and “123456.” People can also guess passwords easily if you have a password that is connected with your personal life, such as your partner’s name or your date of birth. If someone knows you personally, such passwords would be very easy to guess.
- Data Breaches. Sometimes hackers can gain access to passwords by breaching an entire computer system. From malware to ransomware, there are many different types of technologies that are used.
- Spying. Another method for stealing a password is snooping. There are a number of forms this can occur in. This could be as simple as looking over your shoulder while typing. After all, it’s easy to look at someone putting in their pattern to unlock an Android phone. In some cases, people also install spyware so that they can find out what someone’s password is.
- Phishing. Phishing happens when someone impersonates a legitimate entity in order to gain access to your accounts. For example, this person may pretend to be your bank or PayPal and send you an email. These emails look very realistic, so you need to be extra cautious before giving out any personal details or clicking on any email links.
- Brute Force. We don’t mean that someone is going to beat you up until you tell them your password, although this is possible! When we refer to brute force, we mean methods whereby special computer programs are used to rapidly run through every potential combination of passwords until yours is figured out.
How Will a YubiKey Protect Your Online Identity?
Now that you know about the different ways that passwords can be stolen, it is important to put steps in place to protect your online identity. One of the best ways to do this is with a YubiKey. A YubiKey is an all-in-one configurable security key. Below, we reveal everything you need to know about it.
What is a YubiKey?
Manufactured by Yubico, YubiKey is a hardware authentication device. It supports authentication, public-key encryption, and one-time passwords, as well as the FIDO2 and Universal 2nd Factor protocols developed by the FIDO Alliance. It enables you to log into your account securely by using a FIDO-based public/private key pair or emitting one-time passwords that are generated by the device.
Quick Overview of What to Expect From a YubiKey
- All-in-one configuration
- Protects access to online services, networks, and computers
- Safer and easier than authenticator apps
- Simply plug in your YubiKey and it will do the rest – you don’t need to retype passwords or reach for your smartphone
- Compatible with hundreds of services; from Facebook and Dropbox to Gmail and Salesforce
The numerous functions enable you to securely log in to your computers, apps, online services, email, and even physical spaces. You can use one feature or you can use all of them; the choice is yours. No battery or software installation is required. Simply plug it in like you would your USB drive. You can tap-n-go for secure authentication or simply touch the button. YubiKey also enables static passwords to be stored for use on websites that do not support one-time passwords.
Having a physical device that is required to authenticate you means that, even if someone has your password, they can’t access your online accounts because they don’t have the physical YubiKey.
How Does YubiKey Work?
The YubiKey implements the Time-based One-Time Password algorithm (TOTP) and the HMAC-based One-Time Password algorithm (HOTP). The computer identifies it as a keyboard, and it delivers one-time passwords over the USB HID protocol.
The most recent version of YubiKey, YubiKey 5 Series, was released last year. This was introduced so that there was support for FIDO2. Below, we are going to take a look at some of the different features you can expect from the YubiKey.
- Static Passwords. This is a basic feature of the YubiKey. It generates 38-character static passwords that are compatible for log-in with any application. This is used most frequently with legacy systems that are unable to be retrofitted to allow two-factor authentication schemes, like pre-boot login.
- OpenPGP. In the physical world, data and documents tend to be validated with a signature. OpenPGP is a standards-based form of public key cryptography that is used in the virtual world to sign, encrypt, and decrypt files, emails, texts, and the like.
- PIV-Compatible Smart Card. Smart cards broker data exchanges through a computer chip. This is also found in the YubiKey 5 Series.
- OATH – TOTP (Time). This device can also generate an eight- or six-character, time-based, one-time password (OTP) in order to log into any service that supports OATH-TOTP, for example, EverNote, Dropbox, Google Apps, and Microsoft Cloud accounts. A new password is created at a set time interval, for example, every 30 seconds.
- OATH – HOTP (Event). This device can also generate an eight- or six-character, event-based, one-time password (OTP) in order to log into any service that supports OATH-HOTP, which is a strong open authentication standard.
- Yubico One-Time Password (OTP). You can also have an encrypted password generated by your YubiKey for one-time use. In order for an OTP to be generated, a hacker would need to have physical access to your YubiKey. This provides you with a huge layer of protection when it comes to your online identity.
- FIDO2. As mentioned earlier, the 5 Series was introduced to support FIDO2. This is the latest standard in open authentication, which enables authentication options to be expanded. This includes multi-factor and two-factor authentication, as well as password authentication. Through supporting FIDO2, the YubiKey enables businesses and organisations to accelerate a future without passwords, meaning there would be no need for any client drivers or software.
What Online Services Does YubiKey Work With?
YubiKey works individually with dozens of online services like Facebook, Twitter, Microsoft, and YouTube. Click the following link for a full list of compatible online services. You will see that YubiKey is compatible with JumpCloud, Instagram, HackerOne, Drupal, Dropbox, Reddit, and many, many more!
There are a number of major businesses that utilize YubiKey. This includes Google. Google supports YubiKey for both users and employees. Facebook utilises YubiKey for employee credentials. There are also many password managers that support YubiKey.
Plus, if you use LastPass to manage your passwords, you can secure your LastPass account with a YubiKey.
Use YubiKey On Any Device
You can use YubiKey on your computer by simply plugging it into the USB port. You can also use this on your mobile device. Simply hold YubiKey close to your device to authenticate.
We recommend that you carry your YubiKey around with you wherever you go. Better yet, use several YubiKeys and associate all of them to your accounts so you can keep one on your keychain, one in your home office, and so on.
Finding the right YubiKey
There are a number of different YubiKeys to choose from. Your decision will depend on a number of different factors, including what type of user you are – individual, IT/security professional, or government/FIPS.
The YubiKey 5 Series is suitable for all users, yet the Security Key Series is only advisable for the individual consumer and the FIPS Series is better for business and government use. You can also compare the features between the various products.
A lot of the features are shared between all three devices. However, there are some slight differences between them, which will matter to the user. For example, you will see that the Security Key Series and the YubiKey 5 Series are passwordless, yet the FIPS Series is not.
So there you have it: everything you need to know about YubiKey. There is no denying that we all need to make an effort to protect our passwords and personal data today. However, weak passwords and poor protection methods are still the reason the vast majority of data breaches occur. By using a YubiKey, you can reduce the chances of a hacker gaining access to your confidential data by a considerable degree.