YubiKey Review

When my friend handed me a pair of YubiKeys (made by Yubico) I didn't really know what they were. These little USB sticks emulate a keyboard and have a dual-purpose button. Depending on how long you hold your finger on the button, you will get either a one-time password or a static password that is repeated. Essentially, when these keys are coupled with a service that supports them, you will have two-factor authentication that can be very difficult to crack.

Two-factor authentication is simple. To log in to your service, you first enter your username and password. The second part involves a token of some sort. This token is generated on the fly and can only be used once. In the case of the YubiKey, a new token is generated every time you press the button.

Dual Functionality

The YubiKey can also be reprogrammed. One great feature is the dual identity mode. A single press on the button generates a one-time password. Holding the button down for about four seconds enters a repeatable password: the same password is submitted every time. This can be handy for a lot of reasons. You can use this password in conjunction with a remembered password.

For instance, your banking login can consist of your normal username, your normal password, and then the long password stored on your YubiKey.

Username: bankusername

Password: bankpassword

Yubikey: C4j3eicIueha83k

When used in combination, your banking password becomes "bankpasswordC4j3eicIueha83k", something much harder to decipher. This would be better used for a website or password that is more prone to brute-force techniques, but again, a stronger password is always better than a weaker one.
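
The difference between the two button modes, as an added example that is not part of the original review and is not Yubico's code: a one-time code is refused when it is submitted a second time, while the static long-press string is accepted every time it is typed. It assumes HOTP (RFC 4226) as a stand-in for the one-time mode, since this page does not describe the YubiKey's own token format; `Verifier`, `demo` and the sample values are hypothetical.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Verifier:
    """Hypothetical server-side check for one account."""

    def __init__(self, secret: bytes, static_suffix: str, window: int = 5):
        self.secret = secret
        self.static_suffix = static_suffix  # long-press string, never changes
        self.next_counter = 0               # lowest counter still acceptable
        self.window = window                # tolerate a few unused presses

    def check_one_time(self, code: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.next_counter = c + 1   # burn this code and all earlier ones
                return True
        return False

    def check_static(self, typed: str, memorized: str) -> bool:
        return hmac.compare_digest(typed, memorized + self.static_suffix)


def demo() -> dict:
    # Constructed sample values; the secret is the RFC 4226 test key.
    v = Verifier(b"12345678901234567890", "C4j3eicIueha83k")
    captured_otp = hotp(v.secret, 0)        # a code recorded at first login
    captured_pw = "bankpassword" + "C4j3eicIueha83k"
    return {
        "otp_first_use": v.check_one_time(captured_otp),
        "otp_replayed": v.check_one_time(captured_otp),
        "static_first_use": v.check_static(captured_pw, "bankpassword"),
        "static_replayed": v.check_static(captured_pw, "bankpassword"),
    }


if __name__ == "__main__":
    print(demo())
```

The static mode lengthens the password, which helps against guessing, but anything that records the keystrokes once can reuse them; only the one-time mode is rejected on replay.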

 

Compatible with everything

Since the YubiKey emulates a USB keyboard, it can essentially be used on any device that supports USB keyboards. From what I understand it even works on the iPad with the camera connection adapter. Yubico is also working on an iOS/Android application for mobile use. This application wouldn't be as strong as a hardware YubiKey, but it would allow you to access logins that are two-factor authentication only. For instance, if you used your YubiKey on your banking website, you would need to authenticate with it every time. Should you try to do so on your phone without the YubiKey, you'd be locked out.

For me the YubiKey is a no-brainer. At $25 per YubiKey, it's a very affordable way to enable two-factor authentication on logins that normally only allow single-factor authentication. Durability is not a concern either. The YubiKey is almost indestructible. Yubico states it will survive going through the wash cycle and being run over by a car.

I didn't understand the appeal of the YubiKey when I was handed a pair. Now I can say I use it daily. It keeps all of my login information secure when paired with LastPass, a feature that alone is worth $25.