#BSidesSF2019: How to Secure Online Identities with Simple, Secure Open Standards

#BSidesSF2019: How to Secure Online Identities with Simple, Secure Open Standards

Speaking at BSidesSF Stina Ehrensvard, CEO and founder of Yubico, and co-inventor of the YubiKey – a small hardware-based authentication device – outlined how online identities can be protected with simple, secure open standards.

Ehrensvard explained that security needs to be simple for users to adopt it, and that the “number one problem [in securing the internet] is a hacked online identity.

“An open standard [such as WebAuth] that can actually address this problem, can have a big impact.”

Describing how her and her husband came up with and developed the idea for the Yubikey, Ehrensvard said that “there is no other identification technology that is as widely used as hardware,” and that there is no simpler or more secure way to distribute and revoke credentials.

Ehrensvard cited the example of the development of the seatbelt at Volvo, where the inventor knew that in order for the seatbelt to improve in-car safety, it needed to not only be simple to use, it needed to be designed to an open standard for large scale adoption. Eventually, all countries made the seatbelt a legal requirement, and it has since then saved millions of lives.

“This is the same situation we have with the internet,” she added. “The internet was not built for security” but if we come together and drive standards that are easy to use and are taken into an open standard, we will reap the security benefits.

“WebAuth addresses the single biggest problem we have on the internet today: hacked credentials. It’s not the only problem, but it’s a really good one to start with.”

Source: Information Security Magazine