jim80.net

So I was listening to another Security Now podcast and heard about a promising new authentication technology designed by Yubico that generates asynchronous one time passwords with a simple push of a button. The device can authenticate against the maker’s servers or your own. The device itself registers as a USB keyboard and is therefore compatible with most computers. The device costs less than $25 each, with discounts for bulk purchases.

Key Genius is a product that leverages the Yubikey to provide a more secure platform for logging into websites. It recently won an award in the Yubiking competition, in partnership with Security Now. The site stores site-specific passwords in an encrypted database, and using a browser extension, replies to valid Yubikey passwords by automatically inserting the correct password for the site. Usernames are not stored by Key Genius at all, so it’s up to the user to supply them to the website in question. This is actually a good thing, as compromise of the Key Genius database cannot in of itself bely a user’s logon credentials. This is a neat product that not only enhances convenience, but does so in a secure manner.

Tags: GRC, Internet, keystroke monitoring, multi-factor authentication, Security

This entry was posted on Sunday, April 5th, 2009 at 12:42 by jim and is filed under Authentication, Internet, Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.