Advertisement

YubiKey arrives on iOS

YubiKeys will finally work with iPhones.
The YubiKey NEO and an iPhone, now friends. Photo: Patrick Howell O'Neill

Cybersecurity hardware company Yubico has had a year marked by new investmentnew tech and big customers including Google and Facebook. But the most frequent customer question has remained: Can I use this thing with my damn iPhone?

The answer is now “yes.”

Yubico announced on Tuesday a new YubiKey software development kit for iOS, allowing app developers to integrate the hardware key’s near field communication (NFC) authentication into their apps. That is, the small device doesn’t have to touch the phone to help authenticate a user, as it does with personal computers.

Advertisement

The first iOS app to offer YubiKey support is popular multiplatform password manager LastPass. The process works with a YubiKey NEO model, which has NFC built in. CyberScoop used a beta version prior to the company’s announcement and found it to be as straightforward as plugging a YubiKey into a laptop or using it via NFC with an Android device.

The company, which is based in both California and Sweden, has been growing since a “huge spike” in orders beginning in 2016. Its line of small, hardware-authentication security keys provides stronger multifactor authentication than SMS or app-based authentication options, according to experts. Although, like any technology, hardware modules are not perfect.

YubiKey’s arrival to iOS comes as Apple opened up NFC — the short-range communications protocol used for things like secure payments in Apple Pay — for wider use. Prior to this announcement, it was a particularly frustrating shortfall because iPhones are considered to be among the most secure consumer computing devices available, yet multifactor authentication options are few and far between.

“It’s absolutely critical to have a hardware-based root of trust, like the YubiKey, to establish an approved relationship between a mobile phone and the apps we use,” said Stina Ehrensvard, Yubico’s CEO. “Mobile authentication methods, like SMS or push apps, cannot be considered as trusted second factors to authenticate in a mobile app setting. They can be spoofed by porting a number to a different mobile device or can be very unreliable at the mercy of the phone networks.”

 

Patrick Howell O'Neill

Written by Patrick Howell O'Neill

Patrick Howell O’Neill is a cybersecurity reporter for CyberScoop based in San Francisco.

Latest Podcasts