Industry News

Android Key Fob Secures Online Authentication Via NFC

If you’re into banking, you have probably used a one-time-password generator, or a token, as it’s commonly known. These devices are now moving along with the technology towards near-field communication (NFC), to make them even more friendly and safe.

If you have a NFC-enabled smartphone running Android, the Yubico YubiKey Neo is the right token for you. This new concept for generating one-time passwords uses near-field communication to send the one-time password from the USB-sized token to the appropriate field in the web browser or application, thereby avoiding any typing (as well as any chance of keystroke monitoring on the device).

Image credit: Yubico

“The YubiKey is a hardware authentication token that looks like a small USB memory stick, but it is actually a keyboard. With the command of an integrated touch button, the device can send a time-variant, secure login code as if it was typed in from a keyboard,” reads the product description. “And because USB keyboards are standard on all computers the YubiKey works on all platforms and browsers without the need for client software.”

To use it, the YubiKey key fob token is brushed across the back of the phone after logging in with the user name and static password used in the service or application. The key fob doesn’t require installation of third-party software, but rather uses a feature known as Android Beam, which was added to the mobile operating system starting with Ice Cream Sandwich.

The YubiKey can generate either static passwords, or one-time passwords, depending on the user’s preferences. It can also be used via the USB port with any desktop or mobile computer that is not equipped with NFC capabilities.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.