Saturday 20 December 2014 | RSS

 
Feedback
 
 

Yubico introduces one-time password token that secures access to the contents of NFC phones

The online identity protection specialist, which has more than one million users in 100 countries, has developed a new version of its YubiKey device that can be used to lock and unlock access to applications and data stored on NFC phones.

YubiKey Neo

YUBIKEY NEO: NFC-enabled passwords

Online identity protection supplier Yubico has announced a new version of its YubiKey USB authentication device that can be used to provide an additional layer of protection to NFC phone users.

The YubiKey Neo is designed to fit neatly onto a keychain and allows NFC phone users to securely identify themselves to their phone by simply bringing their YubiKey into close proximity with their mobile phone.

When the YubiKey Neo is introduced to an NFC phone, the device emits a securely encrypted one-time password (OTP). The default behavior when reading a YubiKey Neo on a smartphone is to trigger the browser with a programmable URL that includes the OTP, with no need to install any mobile app. Other applications are made possible by installing apps that support the device.

“The NFC enabled YubiKey Neo is our first step in expanding Yubico technology across smartphone and tablets, leveraging our core value of secure and easy-to-use, out-of-the-box authentication,” says Stina Ehrensvard, CEO and founder of Yubico.

“Whether you are authenticating an email account or an NFC payment service from your smartphone, mobile applications have shown to be vulnerable to several forms of attacks,” Ehrensvard adds. “Having a separate easy-to-use hardware device that leverages two-factor authentication for your smartphone is critical for minimizing the risk of mobile malware.”

The YubiKey Neo is being demonstrated for the first time at the RSA Conference in San Francisco next week. The first pre-production samples, available to order online in single quantities at a cost of US$50 each, will be available from 27 February.

Technical documentation that developers can use to integrate support for YubiKey authentication into their applications will be publicly released the same day.

The device will be available in production quantities from mid-2012 and is expected to then cost around double the US$15-25 price of the existing USB YubiKeys. Production units will come with built-in support for protecting Google Apps as well as for LastPass, which has already integrated support for the device into its Android password management app so that users can securely unlock their password vault by just swiping the key against their NFC phone or tablet.

Yubico has also produced a short video showing the YubiKey Neo in use:

More headlines...