{"id":14266,"date":"2019-01-08T10:45:18","date_gmt":"2019-01-08T18:45:18","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/01\/08\/news-8018\/"},"modified":"2019-01-08T10:45:18","modified_gmt":"2019-01-08T18:45:18","slug":"news-8018","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/01\/08\/news-8018\/","title":{"rendered":"A YubiKey for iOS Will Soon Free Your iPhone From Passwords"},"content":{"rendered":"

<\/p>\n

Credit to Author: Brian Barrett| Date: Tue, 08 Jan 2019 17:00:00 +0000<\/strong><\/p>\n

Over the last <\/span>several years, Yubico has become close to ubiquitous in the field of hardware authentication. Its YubiKey<\/a> token can act as a second layer of security<\/a> for your online accounts, and even let you skip out on using passwords<\/a> altogether. The only problem? It\u2019s been largely unusable on the iPhone. That\u2019s going to change soon.<\/p>\n

The upshot: Yubico has received MFi certification, meaning Apple will officially support it as a hardware partner. To that end, the company will finally be able to make a YubiKey that fits into the iPhone and iPad\u2019s proprietary Lightning port, giving those devices the seamless security that already works so well on PCs. On the opposite side, it will offer a USB-C connector for MacBooks. (By way of disclosure, WIRED gives new subscribers<\/a> a YubiKey 4 when they sign up.)<\/p>\n

The news comes with some caveats. Yubico won\u2019t have an actual product until later this year, and needs developer buy-in for its Lightning token to reach its full potential. \u201cIt\u2019s iPhone, it\u2019s restrictive,\u201d says Jerrod Chong, senior vice president of product at Yubico. \u201cWe\u2019re not exactly there with default settings on an iPhone yet, so there\u2019s some work that developers need to do to enable their apps to work with the Lightning key.\u201d<\/p>\n

One key limitation: Apple does not yet natively support FIDO2<\/a>, an open source standard that lets you access your online accounts simply by plugging in a hardware token, rather than using a password. So if you want to use a Lightning-compatible YubiKey with Gmail, say, Google would have to provide support.<\/p>\n

Yubico hasn\u2019t announced any partners so far, but it at least has a head start. In August it expanded its iOS software development kit to include Lightning; the SDK had originally launched last March to help jury-rig support for near-field communication (or NFC) connections. But even with buy-in from developers like LastPass, NFC turns out to be an especially unhelpful way to manage authentication on an iPhone.<\/p>\n

Over NFC, for instance, a YubiKey can only use what\u2019s known as one-time password authentication, which is a one-way protocol. You can achieve two-way communication by using Bluetooth instead, but you\u2019re also just as likely to accidentally pair with your soundbar rather than your smartphone.<\/p>\n

\u201cAt a high level, today there are three ways you can communicate with the iPhone,\u201d says Chong. "You can communicate over NFC, but it\u2019s very limited in terms of what you can do. You can communicate over Bluetooth; the challenge there is that it\u2019s not super reliable. And then the third way is a hard connection.\u201d<\/p>\n

Which brings us back to the Lightning YubiKey, which may be even more useful by the time it launches. While Apple doesn\u2019t support FIDO2 now, the latest technical preview for Safari suggests it could be on its way. If iOS embraces the passwordless login standard, it will not only proliferate across the platform, it will have achieved ubiquity across every major operating system.<\/p>\n

A green light for an iOS YubiKey may be relatively minor news, but it signifies a promising future, one in which the only password you have to remember for any of your devices lives not in your memory, but on your key ring.<\/p>\n

Look, we get it. Remembering dozens and dozens of different passwords for different sites is next to impossible. But that doesn\u2019t mean you should be reusing your passwords. That\u2019s just asking for trouble.<\/p>\n

https:\/\/www.wired.com\/category\/security\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: Brian Barrett| Date: Tue, 08 Jan 2019 17:00:00 +0000<\/strong><\/p>\n

Yubico has finally gotten the green light from Apple to make a hardware authentication token that works on iPhones and iPads.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10607],"tags":[714],"class_list":["post-14266","post","type-post","status-publish","format-standard","hentry","category-security","category-wired","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14266","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=14266"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/14266\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=14266"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=14266"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=14266"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}