Security Corner

Oct 29 2011   12:40AM GMT

Yubico delivers secure two-factor authentication for Gmail and Google Apps



Posted by: Ken Harthun
Tags:
Gmail
Two-factor authentication
Yubikey

I love my Yubikey and I recommend it highly to everyone. I have it set up to authenticate me to LastPass and as the second factor on PayPal and eBay. Now, thanks to a small Windows app, you can use your Yubikey to provide two-factor authentication for Gmail and Google Apps.

This past Wednesday, October 26, 2011, Yubico announced that the company has successfully implemented the Initiative For Open Authentication (OATH) Time-based One-time Password (TOTP) configuration for the YubiKey USB authentication key, enabling secure access to Gmail and Google Apps.

Built into the Google account framework to supplement traditional password protection, Gmail and Google Apps users are able to authenticate their login with an additional layer of security using OATH TOTP.  The YubiKey simplifies the process of logging in with a one-time password token, as it does not require the user to re-type long passcodes from a display device into the login field of the computer.

“The OATH-TOTP configuration of the YubiKey enables Google Apps and Gmail users to authenticate with a simple click of the mouse, with a higher level of security than a smartphone application and with a minimal sized and practically indestructible token,” said Stina Ehrensvard, CEO and Founder, Yubico.

The OATH-TOTP protocol relies on using the current time to create a hash-based message authentication code for login credentials.  To utilize the YubiKey to support this protocol, Yubico has developed a small Windows app.  Once installed, the app sends the current time as a challenge to the YubiKey and the response is processed to produce the OATH-TOTP six-digit response.

You can get full details here: yubico.com/totp.

Now, I’m off to set up Google two-factor authentication on my accounts.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: