|
I'm new to the yubi platform, however not so new to this realm - heres my take...
First, IMO its pretty impractical to think of using a token such as the yubikey (or any other bramd for that matter) with a smartphone, so long as its a plugin style.... I can't imagine having a key sticking out of my phone, and if it were to be something similar to micro sim/sd, it would be too small to switch between a phone and computer, unless it had a larger second paired key for this purpose, OR the phone once the key was inserted could then be used AS your key via bluetooth or similar. Practicality is a HUGE issue in this arena.... I use IronKey's for secure USB storage, which I love, however their lack of OS X development has nearly forced me away from them...simple issues like this kill security solutions.
The current alternatives such as google authenticator, seem to be a much better (current solution), IMO.
Another issue becomes OS integration with mobile devices....not many smartphones currently support HID devices out of the box, and most that do are via bluetooth, or proprietary plug. Smartphones are SUCH a sticky area when it comes to integration due to the MASS variety of hardware and OS software. Even Android devices OS's can vary significantly from device to device, as manufacturers tailor the OS to each device. More often than not, trying to keep up with mobile platforms just becomes cost prohibitive. Even if you target the big 4 (iOS, WinMobile, Android, BlackBerry) it can get out of hand quickly, and mobile OS makers are much tighter on their code, available API's, etc, partially because they have to try and protect the device from being unlocked, or violating other agreements with carriers. Carriers put a TON of restrictions on the OS vendors.
If you look at the low adoption rate of hardware keys of any kind, targeting mobile platforms can seem worthless to vendors....
I would LOVE to see a solution, I've been fighting basic credential management for mobiles for years, adding an advanced solution would be great! Heck, you can't even find a (user friendly) credential management system that traverses desktop OS's and mobiles right now...KeePass and LastPass have options, but certainly not friendly ones.
Personally, I'd like to see something along the lines of adding your smartphone to your Yubi as a solution...something like registering your device with a web interface, with an initial setup process that requires your Yubi from a desktop, and a verification between the phone and servers to allow your phone to act as an OTP key. There are issues to resolve with such a solution, but I think they are easier solved than the hardware solution...
As it stands as of TODAY, if you really need second factor authentication FROM your phone, something like an RSA digital display key is your best bet. If you need a second factor solution USING your phone as the key, something like Google Authenticator is your best bet...
Just my $.02...
|
Login
FAQ
Search
