What is Yubikey, and why people choose it after losing money?
Security is extremely important in the cryptocurrency industry. There are many severe hack events happened every year in the space.
One way to protect user is Two-factor Authentication (2FA). Two most used 2FA methods are SMS code and Google authenticator. Almost every cryptocurrency users are no strangers.
But text messages or Google authenticator codes may be intercepted by skillful hackers, as a result, there will be stealing events.
One example is a Binance’s security breach 8 months ago and 7000 BTC were hacked. Because hackers were able to obtain a large number of user API keys, 2FA codes, and potentially other info.
One solution is physical security device. That is also the mission of Yubikey.
Yubikey is a physical USB Two-factor Authentication (2FA) device for logging in to accounts, withdrawing funds, and resetting passwords.
The remedial activity of Binance was to support for two-factor authentication (2FA) via Yubico's "Yubikey" hardware-based security keys. And give away 1,000 YubiKeys to its users.
In cryptocurrency industry Yubikey has been supported by Coinbase, Binance, EOS, Brave. No to mention internet giants such as Google, Facebook, Microsoft, Github, Dropbox, Salesforce.
What is Yubico? Why so many internet services choose Yubico’s products? Cointime interviewed Guido Appenzeller, Chief Product Officer (CPO) at Yubico, recently.
Guido Appenzeller will give you answers in the following interview.
Cointime: Can you introduce yourself and Yubico? What are the products of the company?
Guido Appenzeller：My name is Guido Appenzeller and I’m the Chief Product Officer here at Yubico. Yubico was founded in Sweden with a simple, yet powerful mission: to make the internet (and specifically logins) secure & easy for everyone.
One of the primary ways that we’ve been able to do this is through the development of open authentication standards such as FIDO U2F, FIDO2, and WebAuthn. These standards have brought the security of public key cryptography to everyone, but with an elegant and simple user experience. And they have great usability. FIDO2 and WebAuthn are the first standards for web authentication that eliminate the need for usernames and passwords.
Yubico also builds a number of security products that help keep enterprises and individual users safe online. Yubico’s flagship product is the YubiKey, a multi-factor authentication device that delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. YubiKeys come in many different form factors, including some that work with standard USB-A ports, to others that work with USB-C ports, Lightning ports, and even wirelessly via near field communication (NFC).
Yubico also provides the YubiHSM, an ultra-portable hardware security module designed to protect sensitive data stored in servers.
Yubico has cooperated with many big companies, like Binance and Coinbase.
Cointime: Can you explain specifically how your products work in these exchanges and how to ensure security? How can the YubiKey ensure cryptocurrency exchanges, accounts, and high-value transactions safe and easy?
Guido Appenzeller：Yes, that’s correct. We have a number of large customers in the cryptocurrency space who use YubiKeys internally to help protect employee accounts, but we also have some exchanges that support the YubiKey as an authentication option for customer accounts as well. This provides their users with the option to use the most secure form of two-factor authentication on their accounts — a hardware security key.
Essentially, a user will register a YubiKey with their account and it will create a public-private key pairing that tells the service that only people with this YubiKey are allowed to log in to this account. From that point forward, anyone who may try to remotely hack into the account from an unknown or untrusted device will need physical access to the user’s YubiKey in order to gain access.
Furthermore, the YubiKey keeps users safe from phishing attacks. The device can recognize if it is ever being asked to authenticate to a fake site and will not release the private key that is required to log in. All of these security checks happen behind the scenes — unbeknownst to the user — with just one touch to the device.
As online attackers become more advanced, it’s important that security is taken seriously in the cryptocurrency space. There doesn’t need to be a trade-off between security and usability, and a security key is the most secure method to protect your assets.
Cointime: What’s Yubico’s advantage compared with other service providers?
Guido Appenzeller：Yubico pioneered the security key and helped develop a number of the open authentication standards that are used across the web today. Our YubiKeys support a number of different authentication protocols, which gives you a lot of versatility in where you can use a YubiKey. We have a large partner network with pre-built integrations for the YubiKey.
The YubiKey is also very easy to use. Using a YubiKey requires just a single touch and it is a lot faster than alternate methods like typing one-time passcodes.
Last but not least, we pay a lot of attention to how we make our keys. We invest in a secure development process and a secure supply chain that makes our keys.
Cointime: Would you like to tell us about any upcoming launches or partnerships lined up at Yubico?
Guido Appenzeller：Sorry, I can’t give details on future launches. But safe to say that we have some exciting products planned for the future.
Cointime: What’s your opinion about the development of blockchain in the future? And what can Yubico do to help the development?
Guido Appenzeller：Blockchains are very versatile tools that address a wide range of use cases far beyond crypto currencies and we think they will become a building block for many future applications. YubiKeys have the ability to either be used for authentication, or directly by users to sign transactions on a blockchain with keys that are kept secure in the tamper resistant hardware of a YubiKey. And servers that sign transactions on the blockchain can leverage our hardware security module for additional security.
Cointime: Yubico has an immensely talented and a growing team of superstars who are industry leaders and innovators. What are Yubico’s further plans for expansion? Will you expand into the blockchain industry to do a real application?
Guido Appenzeller: We have a big mission here at Yubico — to make the internet safer for everyone. There is still a lot of work to be done on this front, so we certainly have plans to grow our team, both geographically as well as in size. As a company, we are committed to continuing innovation in authentication and securing digital identities, especially as we see necessary applications in other sectors such as smart car, smart home, cryptocurrencies, etc.
Executive editor： Maxwell