Yubico Extends Two-Factor Authentication to CERN

Yubico's YubiKey combines open-source software with proprietary hardware to deliver a customized approach to two-factor authentication.

The need for stronger forms of authentication that are more robust than simply having a username and password is critical in the modern world. That's where two-factor authentication comes in—adding a second item that is unique and randomly generated in order to secure authentication.

There are multiple vendors and technologies at play in the two-factor authentication marketplace, one of them being Yubico. Yubico's YubiKey two-factor technology uses a combination of open-source technology and proprietary hardware.

It's a technology that is getting noticed too. Yubico CEO and founder Stina Ehrensvard told eWEEK that CERN, the European Organization for Nuclear Research, is now among the adopters of the YubiKey technology. CERN is using YubiKey as a two-factor authentication method to securely log into its single-sign-on portal and critical services, she said.

"CERN chose our solution because it's really easy to use and we provide components that are open-source, and they are very open-source savvy," Ehrensvard said.


From a technology perspective, the YubiKey system involves multiple components. One component is the hardware piece, which is the physical YubiKey USB device.

"When you plug the YubiKey USB into a computer, it is recognized like any standard USB device," Ehrensvard explained. "There is a small touch button, and when it is pressed, a one-time password is sent through the interface."

With other two-factor authentication mechanisms, Ehrensvard said, users typically have to manually input a six- to eight-digit code. The YubiKey automates that process, making it easier and faster for users. Ehrensvard added that CERN is just one of YubiKey's clients, alongside other IT industry giants such as Google and Facebook.

As to why YubiKey has found adoption with CERN and other technically-savvy organizations, Ehrensvard said it has a lot to do with the fact that organizations can control their own secrets.

"With CERN, they program their own encryption secrets on the back end," she said.

The YubiKey hardware itself is proprietary, but the back-end server components are all open-source, Ehrensvard explained. YubiKey also supports the oAUTH standard, so it can fit into other authentication systems.

"We enable our customers to build their own solution with the free open-source tools that we provide," Ehrensvard said.

Currently Yubico does not have its own "enterprise-class" software for the back end. Ehrensvard explained that most of the technical companies that Yubico works with are happy with that model. That said, she admitted that there are some organizations that have approached Yubico saying they like the key, but don't want to roll their own open-source solution.

"We work with several partners that have enterprise-class software," Ehrensvard said. "We also invite our partners to build enterprise-class solutions with our product."

While there is no shortage of solutions in the market to solving the challenge of authentication, Ehrensvard doesn't see any one particular vendor as being her primary competition.

"Our biggest competitor today is the username and password," she said. "I would say that everything that educates the market on the need for two-factor authentication is good for Yubico."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.