Transcript
Hi Mike Matchett with Small World Big Data. We are here at Rsac 2025 live talking to all the latest and greatest cybersecurity vendors. We are here with Yubico because they have something kind of unique in the key space. I'm going to say key space, but how would you describe it? We make hardware security keys. So when you think about authentication, people are probably used to methods such as SMS or pulling out a phone to be able to get in with the product. We have the YubiKey. It's actually hardware authenticator. You actually use the keys themselves to authenticate into the app or service that you're using. So these look like they plug into USB and some other different form factors. Correct. All of these support multiple authentication protocols. So you're able to use a single key across many apps and services. Thousands of apps and services. All of these form factors are USB-A, USB-C, they all require a capacitive touch. So when I plug them in, I'm actually required to touch the device. That way a piece of code or malware can't trigger the key. These actually have a biometric sensor on them as well, so you can set those up to passwordless login to services like Microsoft and Okta and other IDPs simply by touching the device that unlocks the key and will send the credential and log me in. I'm almost afraid to touch it. You see, even here on the board, you know, like this. Oh no, it doesn't hurt. It doesn't hurt. Yeah. So so that's interesting that you actually have to do a capacitance touch or a biometric touch in addition to having the physical key. Exactly. It's it requires that human presence, which is interesting because we're at a show with a ton of AI right now, but these still require a human to activate them to, to send a credential and log me in. Talk to me about the sort of the usage of this. Is this something a company uses internally with its employees, or is this something a company would send out to their clients? Where does this where does this really play a role? It's actually a combination of both. And we really play horizontally. We're in every vertical, whether that's manufacturing high tech public sector organizations will use them wall to wall. You know, every employee can be part of that attack vector. So using them internally, you're able to use those with enterprise type apps and services. But then a lot of organizations actually empower their employees to take them home and use them on their personal apps and services as well. You can use them with kind of your core accounts, your Microsoft, your Apple, your Google accounts. Then also use them with your password managers, your social media accounts, banking where applicable, so you're able to use a single device across many, many different apps and services, both internally in the enterprise as well as on the personal side as well. If somebody has sort of a Yubico deployment operation, let's just say even with their employees, how easy is it for like, say, their IT staff or whoever's the security staff to administer these and to get new ones out to people who need them and so on? Yeah, we've actually, over the last several years have been focusing on that, making it a seamless as possible for employees, regardless of where they are, to get Yubikeys. We have what's called YubiKey as a service that allows a subscription model where you can kind of purchase different keys at different times based on the form factors. We have OOB enterprise delivery that actually allows us to send keys out to individuals, regardless of where they are. That can be home offices, they can be hybrid workers, small offices, or the big organization itself. And most recently, we introduced just late last year what's called Fido pre-reg. So focusing on modern Fido authentication First went to market with Okta. We're working with Microsoft now where we can actually put the individual's credential on the key, then send that out to that individual. They're able to receive that from day one. They put in a temporary pin that they get out of band and they log into their computer. And from that instance, they're considered phishing resistant because they're not reliant on any other form of authentication to get in. I'm not quite sure how to mentally file this away, right. Because it's hardware, it's biometric, but it's also security as a service in a way. The way you're saying you'll send the key out to people and then pre-loaded authentication and identification. We want it to be the highest level of security while also the best user experience possible. And of course, as we are a hardware vendor, that's always been the question how do we get keys out to individual users? And we've come up with services and shipping to really make that easy for them. Awesome. So we're here at Rsac. There's a lot of themes here. Obviously people are talking about AI. People are talking about supply chain attacks, people talking about this. What have you what are you hearing with the people that are stopping by here? And what are they interested in using Yubico for? Yeah. Really? It's, um. How do we deploy these is kind of the big question. What technologies do they work with. So when you're looking within the organization, we've been working for years and years and years to get native support and pretty much all the, all the native, uh, business apps and services that you would need. So people come. They're very interested in the Fido pre-registration because that is new and that is really made to, like I said before, make it as easy and seamless as possible to get this strongest level of security out to every individual within an organization. I mean, sort of that day one issuance of a key or the next day delivery or whatever else. The entire employee lifecycle. So from that initial login into the machine, your phishing resistant. When I'm working every day, if I need to log in I can use that YubiKey get in phishing resistant. If I were to lose a key. We always recommend having two. So you have a primary and a backup, just like a house or car key. But if I were to lose one or misplace one, I can have that secondary one for that account recovery as well, which really takes a lot of burden off of the help desk. It helps save money in that regard, because having that key, that root of trust that YubiKey to be able to get back in is is a really strong way to go. No that's great okay. So 25,000 people here, they're not all going to get everywhere. If you had one message you wanted to tell everyone about Yubico, that's sort of a key takeaway. What would that be? Uh, turn on your MFA. Mfa is extremely important right now. Uh, any form of MFA is is better than no form of MFA, of course. But if you really are looking for that highest assurance, that top level of both high security but extremely, extremely easy to use. Uh, Yubico is here to help you. All right. As, say, uh, someone out there is interested in looking deeper into this. Uh, obviously you have a website, but if it's just security professionals out there, since we're at the RSA show, uh, is any place specific, you tell a security professional to start looking and researching? Yeah, definitely. Go to Yubico. Com. It's Yubico. Com. All right. And that's it. There. That's just it. Thank you so much, Ronnie. Thank you. All right. Yubico com. Take care.
