Yubico Delivers Protection for Internet Passwords
October 2011 by Marc Jacob
Recent hacker attacks continue to demonstrate the weakness of traditional usernames and passwords. Most Internet users use the same credentials on multiple sites, severely damaging their online identity when a single site is hacked. To address this issue, Yubico, the leading provider of easy-to-use two-factor authentication, has initiated successful partnerships with online password managers, offering Internet users stronger protection of their passwords.
Compromised identities and associated data loss continue to rise as hackers successfully expose weak usernames and passwords. This year, several large American businesses have reported major security breaches, including Sony, Sega and Citigroup, among others. Last week, a major breach in Sweden, where more than 90,000 passwords that include Swedish journalists, politicians and private individuals, was hacked exposing an urgent need for improved password security.
As static username and password is still the most widely used online authentication method, password managers help users to easily manage longer passwords that are unique for every service. However, to ensure that hackers do not get access to the user’s list of unique passwords, security experts recommend two-factor authentication for logging in to the password manager service. Two-factor authentication means using something you have that provides a secure one time pass code (a token or smartcard) and something you know (a password or PIN).
The YubiKey USB authentication key simplifies the process of logging in with a One-Time Password (OTP) token, eliminating the need to re-type long passcodes from a display device. The practically indestructible device fits easily on a keychain and works on all computers and platforms without the need for client software. The YubiKey is supported by a growing number of password managers, including Lastpass.
In addition to providing two-factor authentication, Internet services must also protect servers storing sensitive user data, including encrypted secrets, from being remotely accessed by hackers. Yubico has recently launched the YubiHSM, the first inexpensive Hardware Security Module, for protection of secrets on servers.