Yubikey is a hardware device that you plug in to the USB port of a computer to improve the security of authentication processes.
Password theft is a common problem on the Internet these days. Attackers use numerous ways to steal login credentials from users: this includes phishing attacks via email, brute force attacks that try to guess the password, trojans and computer viruses, or keyloggers that record every keystroke of the user.
The best protection against those kind of attacks are strong passwords, an up to date computer system with security software installed, and an open educated mind that uses caution and common sense whenever passwords or other personal information are entered on the Internet.
Some security software programs can aid the user in protecting the data. Software programs like Last Pass or KeePass, password managers that can generate secure passwords and remember them for the user, are examples of this.
But those applications do not change the system itself. All that is needed to log into a service are the username and password of a user. Yubico changes this.
Yubikey is offered as a USB compatible device that offers strong authentication by adding an extra layer of authentication to the login process of several popular applications and Internet services.
Supported are for instance password managers like Last Pass or KeePass, content management systems like WordPress or Drupal, the popular encryption software True Crypt and other services like Google Apps or OpenID.
How does it work?
Yubico basically adds another layer of security to the login process in most cases. A login to the Last Pass master server for instance will still require the user's Last Pass email address and password but will display a Yubico prompt afterwards. The user then needs to enter the Yubikey into an USB port of the device for authentication.
The Yubikey comes with a button on the device that will authorize the request whenever it is pressed. This is used in the authorization process.
The Yubikey password consists of a static and dynamic part which makes this solution excellent for battling keyloggers and other eavesdropping techniques as the password is only valid for one time and void afterwards. This password can be changed to a very long static password for offline usage (for example required to make it work with True Crypt during system boot).
This means that an attacker would need access to the user's email address and password but also access to the Yubikey device to gain access to the service similar to how other two-factor authentication systems work.
Take a look at this video for additional details
Yubikey adds another security layer to the authentication process. It is Open Source, does not require installation, is compatible will most popular operating systems, works with lots of popular services and can be easily carried around in a wallet or on a key chain.
This is the perfect device for web users who work with WordPress, Google Apps, Dropbox, GitHub, password managers, OpenID or other services and applications listed on the Yubikey Wiki website. Interesting enough, Yubikeys work also as a second layer for logging in to Windows, Linux or Mac OS X devices.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.