In our world today, cybersecurity
has a big problem, as well as the solution; however fixing the problem isn’t exactly
as easy as you might think. The problem is the password. That string of
uppercase letters, lowercase letters, numbers, and symbols that we should use
for one and only one account, should leave no hints about them laying around,
and should change them at least once every six months. Right.
The password is both a blessing and
a curse: for low level security risk services and accounts, all you really need
is that simple string of eight to sixteen characters. However, when you want to
secure something more personal, private, or simply more important, that simple
string of characters becomes just that – simple. It is almost impossible for us
to follow cybersecurity protocols to the “T”, and if we try, we will certainly
have a hard time of it.
In comes, a not so new way of
securing our accounts – two-factor authentication; but this time, instead of
using an app or a password manager or a text code, imagine using a USB key. The
beauty to it is this: if you don’t have the key, you can’t access the account;
if you do have the key, all you have to do is make sure it is inserted in your
USB port and touch it.
In comes Yubico’s YubiKey, “a tiny
USB device…which plugs into laptops and desktops… and provides a level of
security above and beyond a password”. Created by Google and Yubico, the YubiKey
“generates a login code, specific to the user and service at hand, each time it’s
pressed”. This process is similar to other services like ApplePay, and EMV in
credit cards, and has proven to be a way to secure transactions and account information.
Available for use with various computer OS’s, as well as Google services,
Dropbox, and now GitHub, the YubiKey is part of a new movement online to make types
of two-factor authentication like the FIDO Universal 2nd Factor, or
U2F specification, more prevalent online, and as pervasive as possible. Possibly
the best part of YubiKey using U2F is that if a user loses one of their keys,
they can simply use another. Keys like these and other forms of two-factor
authentication are the future of cybersecurity, we have only to accept and
integrate them.
While these points are important
and brought up in the article, the real focus is on GitHub’s collaboration –
using YubiKey to secure open source code is a big step in making this form of
authentication and security prevalent and pervasive. Some things that I think
the article overlooked however are a more detailed explanation of the U2F
authentication, why there is such a push for two-factor authentication, and
finally the availability and pricing of YubiKey models.
Metz,
Cade. "GitHub Pushes Real Buttons to Make the Internet More Secure." Wired.com.
Conde Nast Digital, 1 Oct. 2015. Web. 1 Oct. 2015.
<http://www.wired.com/2015/10/github-moves-past-password-make-open-source-secure/>.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.