Freely subscribe to our NEWSLETTER

Compromised identities and associated data loss continue to rise as hackers successfully expose weak usernames and passwords. This year, several large American businesses have reported major security breaches, including Sony, Sega and Citigroup, among others. Last week, a major breach in Sweden, where more than 90,000 passwords that include Swedish journalists, politicians and private individuals, was hacked exposing an urgent need for improved password security.

As static username and password is still the most widely used online authentication method, password managers help users to easily manage longer passwords that are unique for every service. However, to ensure that hackers do not get access to the user’s list of unique passwords, security experts recommend two-factor authentication for logging in to the password manager service. Two-factor authentication means using something you have that provides a secure one time pass code (a token or smartcard) and something you know (a password or PIN).

The YubiKey USB authentication key simplifies the process of logging in with a One-Time Password (OTP) token, eliminating the need to re-type long passcodes from a display device. The practically indestructible device fits easily on a keychain and works on all computers and platforms without the need for client software. The YubiKey is supported by a growing number of password managers, including Lastpass.

In addition to providing two-factor authentication, Internet services must also protect servers storing sensitive user data, including encrypted secrets, from being remotely accessed by hackers. Yubico has recently launched the YubiHSM, the first inexpensive Hardware Security Module, for protection of secrets on servers.