"A service provider who wants to add YubiKey support could chose to use OATH, [the open authentication standard], our free open source server components, or our hosted service, the YubiCloud," says Yubico CEO Stina Ehrensvard. "With a simple web API, it takes approximately 20 minutes to integrate the YubiCloud, which works out-of-the-box with a YubiKey purchased on Yubico web store."
A enterprise with up to 5,000 users that use Yubico's hardware, software and services can expect to pay $13 per year, per YubiKey—that's somewhere around $318,000 for five years. For smaller businesses, Ehrensvard says that it's possible to purchase a tray of 50 YubiKeys from Yubico's web store. This is a one-time cost of $750 and it works with the free version of YubiCloud or free open source software.
Ehrensvard said her company is working with Google and other IT giants on a new open authentication standard: "This is expected to be launched in 2014, allowing our premium YubiKey, the YubiKey NEO, to work out-of-the box with Google services and a range of other cloud and financial services."
A User's Phone Location: Toopher
The Toopher two-factor authentication solution can be installed on a company's website with just a few lines of code, and it works through an app on a user's phone. When the person begins to log onto a site, the software verifies their identity by detecting which computer they're using and where their phone is physically located.
After installing the Toopher app, the user pairs it with your web service. The first time the person tries logging onto your site from a new location, he or she must give permission to do so through the app. After that first log-in from a particular location, a user can opt to have permissions given automatically so that the app runs in the background and operates invisibly. In this way, it's different from the SMS-based two-factor authentication used by Twitter, Google and Facebook, which require users to enter a code each time they want to log in.
Toopher CEO Josh Alexander maintains that hassle will keep adoption of Twitter's new two-factor authentication option low: "Having to pull your phone out of your pocket every single time you want to do something as arbitrary as logging in is too much friction."
Toopher is free for companies with 50 users or less. While pricing can be as high as $2.50 per user per month for internal deployments, it scales to pennies per month per user for sites and companies with thousands of users.
A Smart Complement to Two-Factor Solutions
Wile it isn't a two-factor authentication provider, Redwood City, California-based Impermium protects websites and individual users from account hijacking by using proprietary statistical and machine learning models to provide threat intelligence and risk-based authentication.
Sign up for CIO Asia eNewsletters.