Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

12/13/2011
04:27 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Yubico Delivers Secure Access For Web Sites And CMS

Swedish ISP customer Frobbit! is using the YubiKey to ensure secure access to its Wordpress site

PALO ALTO, Calif. and STOCKHOLM, Dec. 13, 2011 As the leading provider of simple, open online identity protection, Yubico successfully meets the increasing requirements for securing online accounts and user identities on web sites and content management systems such as Wordpress, Drupal and others. Yubicos suite of authentication and security solutions allows users to quickly implement user-friendly one time password technology for simple and secure access.

The weakness of traditional usernames and passwords, and the demand for raised levels of security for websites and social networks continues to grow as hacker attacks around the world are increasing at an alarming rate. The perceived cost and complexity for adding more secure technologies to web sites and online services, has to date limited their adaption. Yubicos suite of authentication and security technology introduces a unique solution, that is simple to install, secure and extremely cost efficient, filling the gap in security for end users.

A web site with any number of users can integrate support for strong two-factor authentication in less than an hour with Yubico. The security suite consists of the YubiKey, YubiCloud and YubiHSM Technology. The combination of the YubiKey, a small USB-token that simplifies the process of logging in with a One-Time Password (OTP), and YubiCloud, a free, hosted authentication service from Yubico, allows web site administrators to provide two-factor login credentials to their end users. To protect the YubiKey one time password secrets from remote hackers and eliminate a security breach similar to what recently happened for RSA SecureID tokens, YubiCloud servers are secured with YubiHSM (Hardware Security Module) technology.

The YubiKey is a practically indestructible device that fits easily on a keychain and works on all computers and platforms without the need for client software. The USB hardware, that has to date been verified by a million global users, is provided with free open source software and has been integrated with the leading open source CMS software projects, including Wordpress and Drupal. Frobbit!, a Swedish ISP, has integrated YubiKey with their Wordpress web site, enabling easy and secure login for both staff and customers.

At Frobbit! we take our customers security seriously. The YubiKey was easy to integrate into our website infrastructure, using the Wordpress plugin and the web APIs for the free YubiCloud authentication service, said Eva Frlich, CEO at Frobbit! After using the YubiCloud service for 6 months, we have had 100% uptime, a minimum cost and support and our customers appreciate the easy of use of the YubiKey.

For web sites and content management systems who would like to implement secure, two-factor authentication for their users, please visit yubico.com/YubiKey for more information.

About Yubico

Yubico is the leading provider of simple, open online identity protection. The companys flagship product, the YubiKey, uniquely combines driverless USB hardware with open source software. More than a million users in 95 countries rely on the YubiKey for online identity protection with simple and secure access to computers, networks and online services. Customers range from individual Internet users to e-governments and Fortune 500 companies. Founded in 2007, Yubico is privately held with offices in California, Sweden and UK. For more information, please visit yubico.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4682
PUBLISHED: 2021-01-28
IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization of trusted data. An attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 186509.
CVE-2020-4888
PUBLISHED: 2021-01-28
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker co...
CVE-2020-13569
PUBLISHED: 2021-01-28
A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can...
CVE-2021-20620
PUBLISHED: 2021-01-28
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
CVE-2021-20621
PUBLISHED: 2021-01-28
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.