yubikey
Latest
Apple releases iOS 16.3 with support for physical security keys
Apple’s latest mobile software update lets you log into your Apple ID with a physical security key.
Yubico's new security keys have fingerprint readers for added protection
YubiKey Bio devices are available in USB-A and USB-C formats.
Google offers free Titan security keys to help secure political campaigns
While Facebook stands firm on its decision not to ban false political ads, Google is moving in the other direction. After banning political ad targeting last year, the company has announced new plans to help tighten security within campaigns. In partnership with non-profit Defending Digital Campaigns (DDC), the search giant will be distributing its Titan security keys for free to political groups.
Yubico is making it easier for businesses to buy its YubiKeys
A growing number of companies are looking at hardware authentication security keys as a trusted and convenient way to protect sensitive corporate data. Indeed, Google has recently launched an open source project to help advance the uptake of this technology. But for companies with hundreds of employees, ensuring the right people have the right keys can be a huge logistical undertaking and added expense. As such, security key maker Yubico has launched an enterprise service to help businesses integrate the tech into their operations more easily.
Lightning-compatible YubiKey 5Ci could secure your iPhone logins
iPhone owners with a mind toward security have a new option for protecting their online accounts. On Tuesday, security key manufacturer Yubico announced the $70 YubiKey 5Ci, which the company says is the world's first Lightning port-compatible security key.
Yubico recalls government-grade security keys due to bug
Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys it generates. The security keys are used by thousands of federal employees on a daily basis, letting them securely log-on to their devices by issuing one-time passwords.
Google recalls some Titan security keys after finding Bluetooth vulnerability
Google is recalling its Bluetooth Titan security keys due to a vulnerability that could allow attackers to connect to your device. No need to panic -- the bug only seems to apply to a very narrow set of circumstances, according to a blog post published by Google on Wednesday. The attacker would have to be within 30 feet of you during the moment you press the button on your Titan Key to activate it, and also know your username and password. In this scenario, the attacker could then use their device to act as your security key and access your device.
You can sign into your Microsoft account without a password
Now that the Windows 10 October update (aka 1809) is back, Microsoft is taking advantage of it to continue its fight against passwords. You now have the option of signing into your personal Microsoft account using the Edge browser and either Windows Hello or a FIDO2-based security device like Yubico's YubiKey 5. You won't have to remember your password every time you want to check mail in Outlook or buy a game for your Xbox.
YubiKey 5’s FIDO2 support will help you ditch passwords entirely
If you're looking to ditch passwords altogether, then Yubico has some good news for you. The company touts its new YubiKey 5 series as the first to support FIDO2, a standard that allows you to lose passwords entirely. It's been recently supported by Chrome, Firefox and Microsoft Edge.
Twitter adds support for login verification with a USB key
Twitter announced today that you can now use a USB security key, such as Yubikey, as part of the two-factor authentication process. It's the latest expansion of Twitter's verification support, which, as of last year, also includes third-party apps like Google Authenticator and Duo Mobile. By using a physical key, you'll be able to sign in securely even in situations where you can't or don't want to have a text message sent to your phone. Facebook, Google, Dropbox and others have added support for security keys in the past.
iPhone owners can now use Yubikey NFC tags to unlock apps
Digital security has always been paramount, but the advent of tablets and smartphones has allowed us take much more data with us on the go. A combination of two-factor authentication and effective password management is usually enough to keep nefarious types away from your accounts, but Yubico has introduced an extra layer of safety for iOS that lets you seamlessly log into apps by hovering a YubiKey behind your phone.
Firefox takes a big step towards eliminating passwords
Today, Mozilla released Firefox 60 for Windows, Mac, Linux and Android, and with it arrives Web Authentication API for desktop browsers. This is a new security standard that allows Firefox users to log into all their online accounts with a single device, such as YubiKey. It doesn't mean that you don't have to use passwords anymore; only websites that recognize Web Authentication will work. But it's a huge first step to eliminating passwords altogether.
Get ready to lose the tiniest USB-C authentication key in the world
Yubico has launched a new USB-C authentication key and it is tiny. The tiniest in the world, in fact. But size doesn't matter in this instance, as the YubiKey 4C Nano it works just like any other USB-C authentication key. Designed to replace text messages or external authenticator apps when using two-factor authentication, just insert the key into your PC and bingo, you've got access. Interestingly, though, the company claims its incredibly small size makes it well-suited to simply being left in your laptop, which kind of defies its security and protection purpose. Of course, the alternative is taking it out and -- for something of this size -- inevitably losing it.
Facebook offers extra security with USB key support
None of us want strangers accessing our accounts online. You might use a password manager, or two-factor authentication via SMS, but there's another way you can stay protected -- physical security keys. Following Google, Dropbox and others, Facebook has added support for these privacy-centric dongles today. When you log into your account, that means you can choose to prove your identity with a special USB stick (that supports the open Universal 2nd Factor (U2F) standard), rather than a code sent to your phone. Yes, it's another object to keep on your keychain, but in return, you'll be getting a superior level of protection.
Six gifts for your paranoid friends and family
It pays to be paranoid in a time of rampant breaches, social media account extortion, identity theft, fake security products, ransomware, and hack attacks on all. That's why we've put together a gift guide for those among us who don't want to find out they have a security issue the hard way. Typically that would include things like VPN subscriptions or password manager recommendations, but that's no fun when it comes time for everyone to open their presents. That's why we've selected six sweet gadgets that'll protect the privacy and security of those you care about. Carefully screened to keep out the "security snake oil" products flooding the gadget market, our picks have been selected with a keen eye on things that actually work to fight attacks that actually happen.
Google experiments with hardware-based authentication, envisions passwordless future
2012 was not a great year for security. From the "epic hack" of Wired's Mat Honan to the breach of Dropbox and the breakdown of barriers at Blizzard (not to mention countless smaller incidents), last year held frequent reminders that what you put online is never truly safe. Google has, in the wake of such public failings, began pushing its two-factor authentication with a pretty heavy hand. But even that system has its short comings, and Mountain View is looking for ways to shore up users' accounts. In particular the web giant is exploring hardware authentication options and experimenting with a device called YubiKey -- a USB-based token system. The research will be unveiled in a paper being published later this month in IEEE Security & Privacy Magazine, and includes preliminary work on a protocol for using a hardware device to unlock an online account. If carrying around and jacking in a USB key sounds too cumbersome, fear not. Google is also working on a wireless version of the platform that could be embedded in a cellphone or even a piece of jewelry like a ring. We may never ditch the password entirely, but we can hope.