Hardware Security Keys: A Seatbelt for the Internet?
Stina Ehrensvärd is creating "a seatbelt for the Internet." The CEO and founder of Yubico, a startup that designs online account-securing fobs, says as much as she enthusiastically slaps a package on a table at Fortune's offices. Inside the plastic container: Her latest product. It's the first Lightning-port compatible hardware security key. Translation: the first security fob that works with Apple's latest iPhones, generations 5 and later.

Hardware security keys come highly recommended by security experts. They offer an additional layer of protection—a second-factor, in the parlance—over passwords alone. They're generally more secure than sending a one-time code to your phone, or using a random number generating application to produce the codes. Services such as Twitter, Facebook, and Dropbox support the keys.

Before one dismisses the notion—why am I going to stick this dongle into my phone every time I want to log into one of my accounts?—Stina anticipates the objection. You only have to stick in the key every so often. Google lets you have a 30-day grace period. Other services give you more leniency. Besides: What's a minor inconvenience for so much peace of mind?

In calling her invention a seatbelt, Ehrensvärd is hearkening back to decades-old innovations at Volvo. In 1959, Nils Bohlin, an engineer at the carmaker, created the three-point seatbelt, which became the standard for safety across the auto industry. Instead of filing patents and keeping the life-saving design proprietary, Volvo chose to evangelize the innovation. Ehrensvärd, who is, coincidentally, also Swedish, aims to do the same with her invention.

"Even if you don't write about Yubico, you should promote this standard," Ehrensvärd implores. She refers to WebAuthn, an open authentication standard that enables all this technology to work. She wants to raise awareness about the protocol so that more big tech companies roll it out. Apple only recently began adding compatibility after the World Wide Web Consortium, or W3C, an Internet standards body, gave its blessing to the tech. (You can test the keys out on the beta, or experimental, version of Apple's web browser Safari.)

Some security keys work without physical touch—no sticking keys in any ports. Instead, they use "near-field communication" or Bluetooth, two wireless telecom standards, to exchange authentication data. But Yubico won't touch Bluetooth, for fear of security issues, and Apple has so far refused to let outsiders tap into its NFC capability. So, no contactless YubiKeys for iPhone.

In considering this (hopefully temporary) impasse between Yubico and Apple, one might do well to remember that it wasn't the invention of the seatbelt that saved so many lives, but the convenience of the three-point strap design that Volvo's Bohlin pioneered. If and when Apple buckles up and lets companies like Yubico tap into NFC, as Google has long enabled on Android, we'll see real progress.

(Fortune China; Chinese translation by Agatha)