Web users wanting to ditch insecure static passwords for two-factor authentication are being offered a new USB key that combines two of the industry’s most important technologies in one more affordable product.
Called the Yubikey Edge, the new USB key combines support for the FIDO Alliance’s emerging Universal 2nd Factor (U2F) protocol with Yubikey maker Yubico’s own One Time Password (OTP) security technology as recommended by major password managers such as LastPass.
It’s an area of technology that engenders confusion among consumers and small business users alike thanks largely to uncertainty about which standard and product supports which browsers and services.
U2F backer Google lets users use U2F keys to authenticate with its services (WordPress is also supported with Firefox in the works) while Salesforce and LastPass require OTP; Microsoft has plans to support U2F in Windows 10. Currently, U2F keys are cheap at around $10-$15 each while OTP keys tend to be up to twice that price.
In essence, users wanting support for both worlds now have a cheaper halfway house, the Yubikey Edge, which will retail for $30 per key (around £25). As with the other keys, the Edge also supports OATH comes in a mini form factor.
“Two-factor authentication has become a must-have defence for protecting users, applications and accounts from the daily epidemic of hacks and password theft,” said Yubico founder and CEO, Stina Ehrensvard.
“YubiKey Edge uniquely combines driverless OTP, for today’s strong authentication infrastructure, with the emerging standard FIDO U2F, providing public key crypto and protection against man-in-the-middle attacks.”
A key feature if Yubico’s products is that they require no drivers which allows them to be used on any platform, including Windows, Mac OS X and Linux and mobile. They can also be used to store long static passwords.
Yubico also makes the Yubikey Neo which Techworld recently tested when using LastPass across Windows PCs and a Google Chromebook. This adds Contactless NFC support to allow authentication via mobile apps.