Size: 18 x 45 x 3 mm
Weight: 2.5 grams
Warranty: 2 Year
What is two factor authentication?
Two factor authentication is a security process in which the user provides two means of identification, First being a physical token such as a card, and the other which is typically something memorized, such as login credentials. Some people commonly refer to this as “something you have and something you know”
Security is something we all need to be constantly on top of. There are allot of companies that are not using best practices when it comes to security authentication we constantly see them in the news notifying users that they have been compromised.
As of right now best practice for password storage should be hashing + salting your passwords.
What is Hashing?
Hashing is an algorithm that turns data into a fixed-lenghth fingerprint that cannot be reversed. This is great however hackers don’t need to reverse them. They can create new hashes and compare them by brute forcing.By adding Salt to there password before it is hashed it makes it virtually impossible to do this with out knowing what the Salt was.
What is Salt you ask?
Salt is adding random characters in addition to your password. The key here is random. It would look something like
(“password” + “QxLUF1bgIAdeQX”) = 9e209040c863f84a31e719795b2577523954739fe5ed3b58a75cff2127075ed1
for more of an in-depth technical read about this check out defuse’s website
Now that we know and understand password storage we can add another layer of security with hardware. Yubico has designed a USB key for generating encrypted one time passwords by generating and sends unique time-variant authentication codes by emulating keystorkes.
How does the Yubikey work?
Plug the Yubikey into your USB port and push the center button where you see the green ELD. The light will go out while you push the button. Once you push the button Yubikey transmits a 44-character string and then send a new line command (enter). This is all very easy to use because the Yubikey shows up as a keybord to the computer so it will work for any computer. It is even possible to get it working on your iPad with a little adapter.
For technical information check out Yubico’s technical description page
What can I use it for?
Well more and more services and application are starting to use YubiKey. check out the full list
What I currently use Yubikey with
- Lastpass ( a must)
- Rohos (OSX Login)
- Rohos (Windows Login)
- Trucrypt (disk encryption)
- WordPress (plugin)
- OpenID (clavid)