Yubico, the company behind the increasingly popular YubiKey security keys, today announced the launch of a new SDK for iOS developers that allows them to add support for two-factor authentication over NFC with the company’s YubiKey NEO keys. With this, the company now offers solutions for all the major platforms. The first company to support this new feature, by the way, is LastPass, which already supported the Yubico one-time passwords over NFC on Android.
While it was already possible to build an integration with the YubiKey NEO once iOS 11 launched, the new SDK will make it significantly easier for more developers to support these keys over NFC.
“It’s absolutely critical to have a hardware-based root of trust, like the YubiKey, to establish an approved relationship between a mobile phone and the apps we use,” said Stina Ehrensvard, Yubico’s CEO and founder, in today’s announcement. “Mobile authentication methods, like SMS or push apps, cannot be considered as trusted second factors to authenticate in a mobile app setting.”
The company argues that NFC authentication is about four times faster than getting traditional one-time passwords. Developers can use the NEO keys for giving users access to an application, as well as for step-up security to initiate actions like money transfers or password resets.
Users simply have to touch the phone with their key (assuming they have an iPhone 7 or newer and run iOS 11) and they should be good to go.
“Integrating the Yubico SDK into the LastPass iOS app was a quick and painless process, mostly because the NFC API matched almost 1:1 with the Yubico SDK API,” said Akos Putz, Principal Product Manager for LastPass in the announcement. “We’re excited to offer this new authentication method for our iOS users right out of the gate, giving them another option for adding an extra layer of security to their LastPass vault.”