One tap and you're logged in: NFC two-factor authentication comes to mobile

You spent all that time setting up two-factor authentication on your laptop and work computer, but what about your mobile? Now, a USB key is offering serious but simple mobile security with a tap.

Claire Reilly Former Principal Video Producer
Claire Reilly was a video host, journalist and producer covering all things space, futurism, science and culture. Whether she's covering breaking news, explaining complex science topics or exploring the weirder sides of tech culture, Claire gets to the heart of why technology matters to everyone. She's been a regular commentator on broadcast news, and in her spare time, she's a cabaret enthusiast, Simpsons aficionado and closet country music lover. She originally hails from Sydney but now calls San Francisco home.
Expertise Space, Futurism, Science and Sci-Tech, Robotics, Tech Culture Credentials
  • Webby Award Winner (Best Video Host, 2021), Webby Nominee (Podcasts, 2021), Gold Telly (Documentary Series, 2021), Silver Telly (Video Writing, 2021), W3 Award (Best Host, 2020), Australian IT Journalism Awards (Best Journalist, Best News Journalist 2017)
Claire Reilly
2 min read

The Yubikey authenticates your online accounts through NFC.

Josh Miller/CNET

If you're security minded enough to not guard your email account with the old "12345" password, then you're probably already familiar with two-factor authentication. Want to log-in online? You'll need your password as well as a second 'key' (whether digital or physical) to verify your identity.

While the practice is well established on desktop, mobile security has been slow to catch up to quick and easy two-factor authentication, until now.

Yubico has introduced the first physical USB key that allows you to login to your online accounts on your mobile phone via NFC. The Yubikey Neo taps against your phone to verify your login credentials without need for an app like Google Authenticator.

Bluetooth gadget showcase from CES 2016 (pictures)

See all photos

Think of it like a house key. Your email address and password are like your street address, but in order to get into the house you need a physical key to open the door. The same goes here: you log into your Gmail account, for example, and when it comes time to verify yourself, you hold the key against the back of your NFC-enabled phone to authentic. If you're on desktop, just slide it into your USB port, give it a tap and you're in like Flynn.

The idea of a physical key is not new, and Yubico itself has been playing in the space for some time with a straight USB key for desktops, adding login support for Dropbox and Github in 2015. But the move to mobile is a welcome development -- particularly when you consider how portable and personal our phones are.

There are no personal details stored on they key, but it's not matched to an individual fingerprint or user, meaning anyone with the key (and, importantly, your login details) could use the Yubikey.

Still, the convenience of having a physical fob that you carry on you and can quickly use to login has a lot of potential. Since two factor authentication standards got an update last year to add support for wireless connectivity, we may see even more accessories -- like Bluetooth keyboards or your favourite wireless mouse -- get this kind of capability in the future.