
Improved MFA security with Yubico’s Yubikey


Yubikey 5C

The 2010s may come to be known as the last decade in which password-only authentication was considered secure. In recent years, a growing number of solutions have emerged for multi-factor authentication (MFA), i.e. authentication that combines something we know (password), something we have (authentication token, mobile phone) and something we are (biometrics).

Biometrics has been implemented by Apple on its devices via Face ID and Touch ID, but the authentication token remains the solution covering the widest technological spectrum.

Yubico has released several versions of its Yubikey, and the key's benefits are becoming increasingly appealing.

First of all, it is an open technology that is not owned by a large technology group. The keys are inexpensive (between $25 and $75 CAD for current keys, depending on the technologies supported).

Second, operation is simple: you keep the key with you, and when authentication is necessary, you enter your password and then let the key interact with the device over USB or NFC to share encrypted authentication information. For example, you can use it to unlock your PC (Windows or Mac) by inserting it into the USB port, or to authenticate yourself on a website.

The Yubico token supports several protocols, including U2F, OTP, and FIDO2. Although their approaches differ somewhat, these technologies interact with your device or a remote website to validate that you are the right person trying to authenticate. U2F, for example, is compatible with modern browsers such as Google Chrome and allows you to easily authenticate yourself with the Yubikey on several popular sites, such as Facebook, Gmail, GitHub and Salesforce.

OTP authentication is particularly interesting: the Yubikey emulates a USB keyboard and, each time the button is pressed, generates a 44-character password that can be used only once. The first 12 characters identify the key; the other 32 contain a combination of secret, counter, timestamp, and other information. It is therefore possible to associate the first 12 characters with your system user, then to validate the other 32 with a Yubico server (local or Cloud).
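As an added example (not code from Techso or Yubico), here is how a validation service can handle the 44-character OTP described above, in Python. The modhex alphabet, the 16-byte field layout and the CRC check follow Yubico's published OTP format rather than anything stated on this page; the AES-128 decryption between `split_otp` and `parse_block` is assumed to be done by the validation server, and all sample values are constructed.

```python
import struct

MODHEX = "cbdefghijklnrtuv"   # modhex digit i stands for hex digit i
CRC_OK_RESIDUE = 0xF0B8       # CRC over a valid 16-byte block leaves this value

def modhex_decode(text):
    """Decode modhex to bytes; raises ValueError on any non-modhex character."""
    return bytes.fromhex("".join("%x" % MODHEX.index(c) for c in text.lower()))

def split_otp(otp):
    """Split a 44-character OTP into (public_id, 16-byte encrypted block)."""
    otp = otp.strip()
    if len(otp) != 44:
        raise ValueError("a Yubico OTP is 44 characters long")
    modhex_decode(otp[:12])                  # reject a malformed identifier
    return otp[:12].lower(), modhex_decode(otp[12:])

def crc16(data):
    """CRC-16 with reflected polynomial 0x8408 and initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc

def parse_block(block):
    """Parse the 16 bytes obtained after AES-128 decryption (not done here)."""
    if len(block) != 16 or crc16(block) != CRC_OK_RESIDUE:
        raise ValueError("bad length or CRC: wrong key or corrupted OTP")
    uid, ctr, ts_lo, ts_hi, use, _rnd, _crc = struct.unpack("<6sHHBBHH", block)
    return {"private_id": uid.hex(), "counter": ctr,
            "session_use": use, "timestamp": ts_hi << 16 | ts_lo}

def is_replay(fields, last_seen):
    """last_seen is the highest (counter, session_use) accepted for this key."""
    return (fields["counter"], fields["session_use"]) <= last_seen

def make_block(uid, ctr, ts, use, rnd):
    """Build a constructed plaintext block with a valid CRC, for the demo."""
    body = struct.pack("<6sHHBBH", uid, ctr, ts & 0xFFFF, ts >> 16, use, rnd)
    return body + struct.pack("<H", ~crc16(body) & 0xFFFF)

# Constructed sample values, not output from a real key.
SAMPLE_OTP = "ccccccbtgkdn" + MODHEX * 2
SAMPLE_BLOCK = make_block(bytes.fromhex("0102030405ff"), 19, 0x00C230, 17, 0x9FC8)

if __name__ == "__main__":
    public_id, encrypted = split_otp(SAMPLE_OTP)
    print(public_id, encrypted.hex())
    fields = parse_block(SAMPLE_BLOCK)
    print(fields, "replay:", is_replay(fields, (19, 16)))
```

The replay check is what makes each password usable only once: the server stores the last accepted counter pair per key and rejects any OTP that does not exceed it.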

For those accustomed to using Google Authenticator, the Yubico Authenticator app (available on the Apple App Store) offers a distinctive advantage: instead of storing the keys that generate the authentication numbers on your mobile device, it stores them on the Yubico key, accessible via NFC. Just start the Yubico app, touch your key to your NFC mobile device and the 6-digit numbers will appear. If you lose your mobile device, it does not contain any sensitive information, all the private keys being on your Yubikey.

For businesses, a wide range of programming libraries (APIs) allow you to create solutions that can take advantage of these technologies. You can protect access to your IT solutions at a relatively low cost.

Techso is your partner to assist you in the deployment of these solutions. Contact us for any questions.