Stina Ehrensvärd has one mission: to keep people safe online. Her Silicon Valley-based company, Yubico, produces the Yubikey, which is designed to stop people being terrible with their passwords.
Plug the key into a device's USB port and press a button. This enters an encrypted password to your computer, letting you login to Facebook and Gmail and other online services without being at risk from phishing attacks or entire accounts being compromised.
Ehrenvärd founded Yubico in 2007 and in the time since has provided internet security to 19 of the top 20 internet providers. “Someone needed to do something” she says. The inspiration for founding the company came when she met a professional hacker, her husband, who said he could rewrite the code that could log into her bank account in a day.
“I started to care for the internet like I care for my three kids,” she said after speaking at the WIRED Security conference. In 2007, Ehrensvärd and her husband Jakob, set about ways to make the internet secure from phishing. The pair came up with a smart-card that would allow you to sign-in to internet services through a pin-pad, connected to your computer by a contactless reader. However, the cards were too bulky for commercial use. “They were really secure but they were too much hassle” says Ehrensvärd.
After refinements, the result was a USB stick: the Yubikey FIDO U2F. "The only problem was, I had no idea how to put it out there”, Ehrenvärd says, “We had no business plan”. That was until, in 2010, Yubico was approached by Google, who asked it for help with phishing. The software in Google’s authentication app couldn't handle the most sophisticated of phishing attacks, Ehrenvärd says. The solution? Hardware.
The hardware from Yubico would mean that Google was no longer the centralised identity provider for the company, making it more practical and secure from sophisticated phishing attacks. "Google no longer see account take over from advanced phishing as a problem in their company” says Ehrenvard. Now, Yubico has 100 employees and has begun to provide security to Facebook, Dropbox and the UK government.
Will it save the internet? For Ehrensvärd, there is still a lot to do. Yubico is hoping to add biometric recognition to the Yubikey as well as an extensive open standard that she hopes all companies will eventually have to abide by. “Hacking is going to get worse before it gets better, we have to push the momentum”, she says. “That's what I'm going to be doing for the next five years.”
This article was originally published by WIRED UK
