Hardware authentication keymaker Yubico announced an iOS software development kit today, enabling iOS developers to add YubiKey Neo NFC authentication to their apps. Yubico also announced that LogMeIn’s LastPass is the first third-party iOS app to support YubiKey through NFC.
YubiKey Neo is a portable, physical key-sized USB device with a USB plug on one end and a wireless NFC chip inside, enabling users to unlock computers with the USB plug and certain mobile devices with NFC. The concept is to provide secure two-factor authentication, combining a typed password with a required piece of identity-confirming hardware before unlocking a device.
On supported devices, the SDK enables a YubiKey Neo to send a one-time password directly over NFC, authenticating anything from money transfers to account settings. Yubico says that NFC authentication is four times faster than typing traditional one-time passwords.
While Yubico’s SDK technically supports any iOS 11 device, the current version of iOS enables third-party NFC support solely on a subset of recent iPhone models. Until last year, Apple prevented most third-party apps from accessing the NFC capabilities of its devices, but iOS 11 opened NFC on the iPhone 7 series and newer iPhones. iPads, older iPhones, and the iPhone SE are still not supported. YubiKey Neo already included support for NFC-capable Android and Windows Mobile devices.
“It’s absolutely critical to have a hardware-based root of trust, like the YubiKey, to establish an approved relationship between a mobile phone and the apps we use,” said Yubico CEO Stina Ehrensvard. “Mobile authentication methods, like SMS or push apps, cannot be considered as trusted second factors to authenticate in a mobile app setting. They can be spoofed by porting a number to a different mobile device or can be very unreliable at the mercy of the phone networks.”
Thanks to a new update, LogMeIn’s password manager LastPass has integrated YubiKey Neo support for the latest iPhones, enabling users of LastPass Premium, Families, Teams, and Enterprise accounts to authenticate on mobile using the same YubiKey they carry for desktop and/or laptop use. This integration effectively enables LastPass users to get faster access to their collections of web and app passwords, with YubiKey Neo wirelessly unlocking the app.
YubiKey Neo sells for $50 per USB key or $48 each when purchased in packs of 50, while the Yubico Mobile SDK for iOS is available to developers from the Yubico Developer site. Yubico also notes that unsupported iPhone users can still initiate secure mobile app enrollment with the new SDK, albeit using a desktop computer with the YubiKey.