The Web At A New Crossroads
Guest post by Chris Messina and Jyri Engeström (thanks to Brynn Evans for editing and Brad Fitzpatrick for comments on the draft)
…………………
Around 2003, things began to change.
Technology was then the black sheep, having left overnight millionaires destitute and without change to afford their $4 lattes. Even the posers had left San Francisco and gone back to suburbia to be office managers at Walmart.
It was a sad time for everyone — that is, except the die-hards and the hackers. The web for them had never been about making money, but about reshaping culture and toppling the old order. 2003, therefore, was the perfect time for a resurgence: the people who kept pushing on in the Valley and elsewhere were a concentrated motley crew of innovators and builders. They cared about technology for technology's sake and about developing and advancing web culture.
What they didn’t realize, however, was that the services and technologies that they were destined to build would need to be cobbled and sewn together using a system that would fight them every step of the way — not out of spite — but because of its architecture. By definition the network available was decidedly anti-human: in 2003, there was only the document-centric web.
Yubico Offers Master Key To Web
Yubico is a Swedish American security startup, founded in 2007 and based in Stockholm Sweden and Sunnyvale CA.
Yubico's mission is to "make Internet identification secure, easy, and affordable for everyone". The firm offers a physical token called YubiKey, which can be used for secure identification to web services.
The device is a simple one-button USB keyboard designed to generate a unique user identity and a one-time passcode, which will be sent to the PC as keyboard characters, thus saving the user from typing. When submitting the web form with the passcode, the information is verifed against the security provider’s authentication server. YubiKey can also be combined with a PIN or password for two-factor authentication.
YubiKey has quite good differentiating benefits compared to competing solutions. It also doesn't require any client software or installation, and thus works on any USB-enabled computer. YubiKey can currently be used with any website supporting OpenID. At the moment other possible uses include Windows login, Wordpress, Web single sign on, OpenVPN, Phpbb Forum, and Windows ActiveDirectory. Yubico has a developer community working on gradually spreading the support.
The company states the product suits perfectly any high security web-based application where fast and frequent online authentication is needed, for example government services and financial transactions as well as different purchases. According to their own words they aim to serve everyone from individuals to large corporations and the web community (which sounds ok for a universal security solution provider, though somewhat unfocused for a startup).
Yubico sells the YubiKey hardware online for quite an affordable price of 30 USD and offers the basic SDK under open source, to enable building customized authentication services. They also run their own validation servers and offer the service for subscription.
