By now it's hopefully been drilled into you to enable two-factor authentication[1] on your online accounts, giving you more protection than a password alone. And while the most ubiquitous second factor is a numeric code sent to your smartphone via an app, physical tokens[2] that you plug into your computer have become increasingly popular. And now they're angling to make passwords obsolete.
On Monday, the hardware authentication company Yubico is announcing a new generation of its physical YubiKey tokens that support password-less login. The Series 5 YubiKeys get this streamlined mojo from FIDO2, a new version of an open source standard[3] that facilitates secure authentication. As companies like Microsoft adopt the standard over the next few months, all you'll need for a secure log-in is to plug in and tap your new YubiKey. That's it.
"We rely on so many static credentials like passwords or your mother’s maiden name—it's everywhere," says Jerrod Chong, senior vice president of product at Yubico. "So it's very important that we think about the plumbing that needs to change, and FIDO2 brings a whole new range of capabilities."
The idea behind all FIDO tokens is that instead of relying on a static piece of data you know, like a password, you can authenticate yourself with something you have, like a YubiKey, and that device can perform all sorts of robust cryptographic checks without any extra work on your part. Yubico came to market early and its products have become synonymous with the larger movement in many ways, but other options built on the FIDO standard are out there, including Google's Titan[4] security keys. Titan doesn't support FIDO2 yet, though. (By way of disclosure, WIRED gives new subscribers[5]