Information Systems Integration – Messina

New Password Key may End Standard Passwords

keys

It has become common practice to use two factor authentication for passwords in order to make them more secure. An example of two factor would be having a code sent to your phone that you have to enter before logging into your email, or by using a physical token that can be plugged into a computer.

A company named YubiKey hopes to completely replace passwords for just the physical key. Its fifth generation physical key will support password less logon. This is beneficial to users everywhere because it dramatically increases the effectiveness of password security. Passwords fall short in many areas of security, especially since many people use the same password for multiple sites or platforms, increasing the chances of getting hacked or their information stolen.

The YubiKey will let users easily log into computers or other locked platforms such as work emails. The authentication process starts with step 1 of having the actual physical key, and step 2  is presenting the device to the computer to gain access. From there additional layers of authentication can be added. For example, users can opt to use a local pin as a second layer of protection. This differs from a password because it is never transmitted over the internet, so there is no chance it can be stolen. Microsoft has been working with the company in order to integrate it with Microsoft Azure and Windows 10. Do you think this technology will quickly replace standard passwords? Would you be willing to replace your standard password for this new physical security technology?

Source: https://www.wired.com/story/yubikey-series-5-fido2-passwordless/

4 Responses to New Password Key may End Standard Passwords

  • I think Yubikey is a very interesting company and concept that could have a great impact. Having multiple passwords across numerous accounts becomes an issue and having to change them every couple months is definitely a hassle. I think they can bring value to a ton of consumers and companies because of the more secure process. I think this technology could easily replace standard possibles and I would easily use this product over my standard passwords that become more troublesome by the day.

  • Lauren,
    This is a very interesting topic you have posted. The ability to have a physical key would help people in that they wouldn’t have to continue writing down passwords they can’t remember, which would then cause less chance of being hacked. I think this could become a good standard for physical security, but I don’t know if it could replace password security altogether. What happens if the key is lost? Is there an ability to make a copy; and if that is possible, does it deactivate the lost key? Also, how would this work for companies who currently are using a VPN on top of password security? Is the purpose of the physical key going to eliminate VPN’s as well?
    Thinking from personal experience at my internship, associates would roll on and off clients. In that case, would the company be issuing new keys everytime someone joined the team, or would an old key be given to new team members? This could leave vulnerabilities possibly in the security once again. I feel there is true value in this product, as long as the above mentioned questions can be answered.

  • So the first thing I think of is what happens when you lose the key? Will you be unable to login to your computer? For example a work commuter may have left their key at home, then will have to drive another few hours to retrieve it just to start working. I am not sure thats an effective way of doing it.

    If a key is lost, maybe they need to have a system in place to either locate the key (sort of like Tile), or a way of getting the user logged in without it for the time being. This just seems like another step.

  • This technology is interesting and maybe useful in some cases. Having a physical copy of your “password” can be very useful in security and hackers will have almost no chance of getting that code without your key. In a world that is heavily focused on cyber security these days I think this product has a potential market. The only problem would be that if I lose the key it would be very inconvenient if I need to get to my emails/computer. I would have to contact the company and they would have to verify that it is me in some way and that seems like it would be a hassle.

Leave a Reply to Nina M Sjostrom Cancel reply

Your email address will not be published. Required fields are marked *