On Securitynow podcast #141 Steve Gibson talks about his experience at RSA Conference 2008 a few weeks back. The RSA Conference is the largest of it’s kind in the world focusing on information security. I mentioned to a friend that I’m going to be at the RSA Conference in 2009 and I’m going to leave the kids somewhere and bring my wife. Ok, ok - that’s pushing it.Steve gave out a url which takes you to RSA conference Keynote speakers so you can watch at your leisure. There is one really fascinating keynote address by Jeff Hawkins about brains and computers (AI) that is worth watching.  Jeff Hawkins co-authored a book called, “About Intelligence”.

At RSA Steve stumbled on a really cool new product called the Yubikey from a Swedish company called Yubico. The Yubikey is a very small USB authentication device. You plug it in to your computer’s USB port and then go to, say, a website that was all set up to support Yubikey. Touch the device and it will spit out a really long one time password sequence. If you have the the device that is associated with you (based on the devices serial number I would guess) then you are authenticated. In authentication speak this form of authentication would be something you have, while your static password is something you know. The really cool thing about this device is that the Yubikey contains a tiny keyboard so you don’t have hardware compatibility issues. I need to learn more in order to fully explain how this works. What better way to learn about the product than to implement it. We talked about securing my blog’s “Admin panel” in a previous post. I have username/password and for a 2nd factor authentication I can use the yubikey. I sent the company an email the other day expressing my interest in the product. I got a response back from the CEO.

“Thanks for your interest in Yubico….Since Steve Gibson sent his latest SecurityNow! podcast interest in our product has greatly exceeded our expectations. We are working hard to catch up with demand and sincerely apologize to all of you who are still waiting to receive shipments from us. We expect to be caught up within the next two weeks. ……. “

I’m sure the CEO is happy she met Steve at RSA. I’ll keep you updated on my progress in implementing the Yubikey on my blog’s “admin panel”. We also need to discuss “openID” since the yubikey is openID compliant. In short you can use your Yubikey when logging onto sites that support openID for an added level of security. Until next time..

***** Follow up ******

New post on my Yubico Impementation.