Zit Seng's Blog

A Singaporean's technology and lifestyle blog

Better Security With YubiKeys

Passwords aren’t enough in these times. You need multi-factor authentication, sometimes more, but most of these measures are usually cumbersome to use. Yubico is trying to change that by providing ubiquitous security that is easy to use. Their line of YubiKey hardware devices is now available in Singapore.

The concept behind YubiKeys is simple. Plug the gadget into your computer’s USB port, and it will provide second-factor authentication to numerous online services, including Google, Facebook, Dropbox, and GitHub. YubiKeys can also be used to replace passwords, or be part of a multi-factor authentication scheme.

Yubico sent me a bundle of their latest 5 series YubiKeys for this review: YubiKey 5 NFC, YubiKey 5 Nano, YubiKey 5C, and YubiKey 5C Nano. They all provide the same basic functionality, and differ primarily in the type of USB port.

The main benefit of using these YubiKey gadgets lies in their second-factor authentication features. Yubico introduced the YubiKey Neo in 2014 with FIDO U2F support. As a quick introduction, this is the FIDO (Fast IDentity Online) Alliance’s U2F (Universal Second-Factor) open authentication standard that Yubico co-developed with Google. U2F requires browser support on the user end, and this is available in Chrome, Microsoft Edge, and Firefox, among others.

The new 5 series YubiKeys support newer standards, most importantly FIDO2, the successor to U2F. The full list of supported security functions is:

  • Static passwords (not the best thing to use)
  • Yubico OTP (old OTP scheme, proprietary)
  • OATH – HOTP (event-based)
  • OATH – TOTP (time-based, requires additional app)
  • Smart Card PIV-compatible
  • OpenPGP
  • FIDO U2F
  • FIDO2
  • Secure Element

Which YubiKey 5 series gadget you should get comes down primarily to the USB port type and form factor you’re comfortable with. The YubiKey 5 NFC does support NFC, and is the only one (in the 5 series) to do so, allowing you to use it for a seamless and secure tap-and-go experience with mobile devices or external NFC readers.

A cool new feature of the YubiKey 5 series gadgets is the recently announced support for password-less login to personal Microsoft accounts (MSA). With the latest update to Windows 10 version 1809 and existing native support in Microsoft Edge, all consumer Microsoft accounts now support password-less login via FIDO2/WebAuthn. Really, no passwords.

Aside: I personally don’t think the above is entirely a great idea, because it means your account security now comes down to not losing this hardware gadget. As with anything to do with cybersecurity, you must understand what you’re getting into. YubiKeys, for example, make second-factor authentication simpler to use, but it isn’t as if it will solve all your online authentication problems.

If you’re interested in getting YubiKeys in Singapore, they are distributed by DT Asia. Prices start at US$45 (S$62). You can purchase YubiKeys from DT Asia on Lazada.
