In our world today, cybersecurity has a big problem, as well as the solution; however fixing the problem isn’t exactly as easy as you might think. The problem is the password. That string of uppercase letters, lowercase letters, numbers, and symbols that we should use for one and only one account, should leave no hints about them laying around, and should change them at least once every six months. Right.
The password is both a blessing and a curse: for low level security risk services and accounts, all you really need is that simple string of eight to sixteen characters. However, when you want to secure something more personal, private, or simply more important, that simple string of characters becomes just that – simple. It is almost impossible for us to follow cybersecurity protocols to the “T”, and if we try, we will certainly have a hard time of it.
In comes, a not so new way of securing our accounts – two-factor authentication; but this time, instead of using an app or a password manager or a text code, imagine using a USB key. The beauty to it is this: if you don’t have the key, you can’t access the account; if you do have the key, all you have to do is make sure it is inserted in your USB port and touch it.
In comes Yubico’s YubiKey, “a tiny USB device…which plugs into laptops and desktops… and provides a level of security above and beyond a password”. Created by Google and Yubico, the YubiKey “generates a login code, specific to the user and service at hand, each time it’s pressed”. This process is similar to other services like ApplePay, and EMV in credit cards, and has proven to be a way to secure transactions and account information. Available for use with various computer OS’s, as well as Google services, Dropbox, and now GitHub, the YubiKey is part of a new movement online to make types of two-factor authentication like the FIDO Universal 2nd Factor, or U2F specification, more prevalent online, and as pervasive as possible. Possibly the best part of YubiKey using U2F is that if a user loses one of their keys, they can simply use another. Keys like these and other forms of two-factor authentication are the future of cybersecurity, we have only to accept and integrate them.
While these points are important and brought up in the article, the real focus is on GitHub’s collaboration – using YubiKey to secure open source code is a big step in making this form of authentication and security prevalent and pervasive. Some things that I think the article overlooked however are a more detailed explanation of the U2F authentication, why there is such a push for two-factor authentication, and finally the availability and pricing of YubiKey models.
Metz, Cade. "GitHub Pushes Real Buttons to Make the Internet More Secure." Wired.com. Conde Nast Digital, 1 Oct. 2015. Web. 1 Oct. 2015. <http://www.wired.com/2015/10/github-moves-past-password-make-open-source-secure/>.