Will YubiKey NEO Up the Ante on Security?

While the concept of Trojans attacking smart cards is not an entirely new phenomenon, what is disconcerting is that in 2012, the Skyipot Trojan targeted U.S. government agencies to gain access to restricted servers and networks in order to obtain sensitive information from military networks and aerospace technology firms.

Yubico, a premier provider of simple, open online identity protection, came to the rescue with what is claimed to be the world’s first smart card featuring USB, NFC and user presence that defends against malware aimed at smart cards – the YubiKey NEO.

Currently, the YubiKey NEO is being demoed at the RSA (News - Alert) Conference in San Francisco, February 25 - 28, OATH Pavilion, booth number 839.

The rugged YubiKey NEO, essentially an extension of the YubiKey Standard, fits naturally on a keychain, and is waterproof and crush-safe.  It is identified as a USB-keyboard, doesn’t require drivers to trigger it and works instantly.

Typically attackers trick users into downloading a key-logger that steals PINs associated with a smart card. Armed with the authentication codes and PINs, they were able to easily access sensitive networks. YubiKey NEO thwarts such attempts by eliminating the risk of smart card details being hacked by Trojans.

So, how does this work?

When the YubiKey NEO is swiped by a NFC enabled Device or smartphone, the YubiKey NEO generates a unique one time password, very similar to that provided by the standard YubiKey. This password is transmitted to the NFC device and is used to trigger the browser. Paired with a username/password, the YubiKey NEO reportedly provides secure authentication.

Stina Ehrensvard, CEO and founder at Yubico, observed that the encrypted pass code generated when the user physically touches the device is an additional form of authentication- one that cannot be triggered remotely by malware.

More than a million users in 100 countries rely on the YubiKey for securing access to networks, computers and online services. Customers range from individual Internet users to e-governments and Fortune 500 companies.

Although YubiKey NEO does seem to provide secure authentication, what happens if users lose or misplace the key and don’t realize until much later?