Hardware Security Keys: A Seatbelt for the Internet?

Robert Hackett, September 18, 2019
Security experts highly recommend hardware security keys, which provide second-factor authentication on top of passwords.

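A crash test dummy wearing a seatbelt at the 2016 Geneva Motor Show. Stina Ehrensvärd, CEO and co-founder of Yubico, a startup that makes security keys for online accounts, says we need to put a seatbelt on the internet. Image credit: Harold Cunningham—Getty Images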

Chinese translation by Agatha (Fortune China)

Stina Ehrensvärd is creating "a seatbelt for the Internet."

The CEO and founder of Yubico, a startup that designs online account-securing fobs, says as much as she enthusiastically slaps a package on a table at Fortune’s offices. Inside the plastic container: Her latest product. It’s the first Lightning-port compatible hardware security key. Translation: the first security fob that works with Apple’s latest iPhones, generations 5 and later.

Hardware security keys come highly recommended by security experts. They offer an additional layer of protection—a second-factor, in the parlance—over passwords alone. They’re generally more secure than sending a one-time code to your phone, or using a random number generating application to produce the codes. Services such as Twitter, Facebook, and Dropbox support the keys.

Before one dismisses the notion—why am I going to stick this dongle into my phone every time I want to log into one of my accounts?—Stina anticipates the objection. You only have to stick in the key every so often. Google lets you have a 30-day grace period. Other services give you more leniency. Besides: What's a minor inconvenience for so much peace of mind?

In calling her invention a seatbelt, Ehrensvärd is hearkening back to decades-old innovations at Volvo. In 1959, Nils Bohlin, an engineer at the carmaker, created the three-point seatbelt, which became the standard for safety across the auto industry. Instead of filing patents and keeping the life-saving design proprietary, Volvo chose to evangelize the innovation. Ehrensvärd, who is, coincidentally, also Swedish, aims to do the same with her invention.

"Even if you don’t write about Yubico, you should promote this standard," Ehrensvärd implores. She refers to WebAuthn, an open authentication standard that enables all this technology to work. She wants to raise awareness about the protocol so that more big tech companies roll it out. Apple only recently began adding compatibility after the World Wide Web Consortium, or W3C, an Internet standards body, gave its blessing to the tech. (You can test the keys out on the beta, or experimental, version of Apple's web browser Safari.)

Some security keys work without physical touch—no sticking keys in any ports. Instead, they use "near-field communication" or Bluetooth, two wireless telecom standards, to exchange authentication data. But Yubico won't touch Bluetooth, for fear of security issues, and Apple has so far refused to let outsiders tap into its NFC capability. So, no contactless YubiKeys for iPhone.

In considering this (hopefully temporary) impasse between Yubico and Apple, one might do well to remember that it wasn't the invention of the seatbelt that saved so many lives, but the convenience of the three-point strap design that Volvo's Bohlin pioneered. If and when Apple buckles up and lets companies like Yubico tap into NFC, as Google has long enabled on Android, we'll see real progress.
