Two-Factor, Multi-Factor, or Passwordless Authentication with the YubiKey

Description

DESCRIPTION:
Yubico believes that everyone deserves strong, easy, and affordable authentication, and we are committed to helping every internet citizen take control of their online identities. That’s why we invented the YubiKey — a multi-protocol multi-factor authentication (MFA) device used by millions around the globe — and co-authored the FIDO U2F, FIDO2, and WebAuthn open authentication standards. The DeveloperWeek NYC Hackathon is your opportunity to ensure the innovative product(s) you're building are also secured with strong authentication using a YubiKey.


OUR CHALLENGE:
We want security to be a top priority during the Hackathon, and also easy to implement! Any connected device, mobile application, web service, or network requires adequate protection for user data and privacy, and the YubiKey is designed to make that a possibility with easy and strong authentication.

Our challenge is to incorporate YubiKey MFA support into a stand alone project, or any number of other DeveloperWeek challenges. Working with the YubiKey is flexible and agile as it supports multiple authentication protocols, including one-time password (OTP), smart card (PIV), OpenPGP, FIDO U2F, and FIDO2/WebAuthn. YubiKeys are compatible with Microsoft Windows, Mac OS X, Linux, and Chrome OS operating systems; major web browsers (Opera, Chrome, and Firefox); and iOS, Android and Windows mobile devices.

Yubico has published integration libraries, plugins and documentation, which you can use to make your project work with the YubiKey. All YubiKey authentication protocols are welcome. Yubico employees will also be on site at their hackathon table to help answer integration questions.

Integration Use Case Ideas:
- Add hardware-backed passwordless authentication to your service or application by integrating the YubiKey using the FIDO2 / Web Authentication standards.
- Add hardware-backed multi-factor authentication by integrating the YubiKey using the OTP (one-time password), FIDO U2F, or FIDO2/WebAuthn authentication standards.
- Store secrets on a YubiKey instead of the file system. Use it to generate certificates, sign, encrypt, and decrypt data by integrating PIV or OpenPGP.

TEAM INSTRUCTIONS:
Visit Yubico’s table to familiarize yourself with the functionality of the YubiKey, and receive a complimentary YubiKey for your challenge.

Decide if you want to build a stand-alone solution with the YubiKey, or if you would like to add YubiKey MFA functionality to another DeveloperWeek challenge you are working on.

Establish what authentication protocol you would like to use for the integration. This is primarily dependent on how much time you have for the challenge, what type of data you are protecting, and what type of user experience you want to offer your users.

Review YubiKey documentation from developers.yubico.com to begin integrating with the YubiKey.


JUDGING:
Yubico judges will evaluate projects based on YubiKey integrations, but also the larger project as a whole. While the technical security architecture and implementation is critical, we are also looking for innovative solutions that address unique or important use cases for consumers and/or enterprises. Each challenge will be judged based on the following criteria:

- Originality/Innovation: How original or innovative is this solution compared to other products and platforms already available on the market? The challenge should provide a unique approach to solving a problem.

- Impact: What is the potential for the project to drive immediate real-world impact?

- Security and User Privacy: To what extent does the solution ensure user data is safe and kept private?

- Design / User Experience: How easy and intuitive is use of the solution? Does it adhere to Yubico’s standards of frictionless, strong secure authentication using the YubiKey?

- Functionality: Working functionality of the application as submitted.

- Strategic Approach: We recognize that this is a hackathon challenge and that time is limited. While some of the integrations may not be complete or perfected, we are looking for teams who can speak to the larger vision of the project, any long-term goals, and what might have been done differently if given more time.

Challenge Type

On-Site Hackathon

Prizes

The challenge that our judges deem best aligned with the above criteria will receive US$2000 and a set of limited-edition laser etched YubiKeys -- plus, we will promote it on our website and on social media.

Projects solving this challenge

Hype

Better event photography

NFC Patient Record

Combine security with creating NFC patient records

Mockingbird

App that allows you to drop anonymous location based secrets.

Snapstation

For a fun a safe and selfie experience!

UrgentBlood.org

UrgentBlood.org connects blood donors with patients in need of urgent donations. Donors register by verifying their identity with DocuSign Phone Authentication, certifying their eligibility to donate with DocuSign Embedded Signing and Custom Branding, and sharing their location into a blockchain-backed database using NEAR. Medical professionals can then log in with a Yubikey OTP to locate eligible donors within a certain range of the hospital's geofence, and even provide directions.

MyHealth

Do you know which third parties are using your health data? MyHealth is putting the control back in your hands, providing a secure platform where only you can access your data via personal hardware authentication. Third parties may request access, which you can approve or deny after reviewing a customized agreement. Other health services can also integrate with the platform without having to store sensitive data. You decide who gets your health data, why they have it, and when they can use it.

RoboSitter

RoboSitter is a content mediator chrome extension and web app that allows parents to whitelist internet content to help limit exposure from unsafe content. DocuSign: handle legal liabilities for capturing user images using Embedded Signing, Composite Template Agora.io: Utilize streaming service to capture video for facial authentication Clarifai: Train Admin model to recognize parent from children and who has authority to edit whitelist content Yubico: U2F authentication with YubiKey

Lockberry

Lockberry is a highly-secured lockbox for the age of GDPR. It enables strong password-less authentication with your favourite Yubikey devices while allow 2-factor authentication remote access to prevent you from remote attacks.

Candisafe

Customized Home Security App

X MaRks

Incorporating multiple challenges from HERE, Yubico, DocuSign, and Near

Team Executable

We are building a micro-mobility navigation and perception stack utilizing Canon, Argora.io, Here and TomTom for redundant and safe city navigation machines.

SLAM

Security Logging Alerting Monitoring for start ups. Proactive monitoring log tool that will also give recommendations based on the security threats and alerts. Using the open source tool ELK stack to do the logging and monitoring. Yubi key and Docu sign to increase security and authenticity of application.

RentrLoc

RentrLoc adds multi-factor security to leases and short-term rentals. Renters upload an image of themselves, sign and pay the agreement with DocuSign and authenticate themselves with their Yubikey, which becomes their unique identifier, and key to the apartment. The user also uploads one or more pictures of themselves. When the renters show up to access the apartment, they verify their identity using their Yubikey and their face using Clarifai. Table number: 139 Floor: 5

Know your Crowd

Know Your Crowd lets you understand the demographics of your crowd, for targeted advertising - Get to know the average age, the racial and gender mix. We plan to use Clarifai API along with Yubicon key.

Extra Auth

We add additional layers of user authentication to applications.

WebSafe - end to end encryption and web authentication with the yubikey

Our web solution uses the yubikey to provide both authentication and in-browser encryption so that documents and other media can be delivered securely across the wire

Kyoo

WebApp that aims to reduce stress in emergency scenarios or natural disasters by helping our users find help and safety. Store vital documents in case of an emergency and be able to access them securely.

Organizations hosting challenge

Yubico

Yubico sets new global standards for simple and secure access to computers, servers, and internet accounts. The company’s core invention, the YubiKey, delivers strong hardware protection, with a simple touch, across any number of IT systems and online services. The YubiHSM, Yubico’s ultra-portable hardware security module, protects sensitive data stored in servers. Yubico is also a leading contributor to the FIDO Universal 2nd Factor open authentication standard.

Events specific to challenge

Technologies specific to this challenge

The YubiKey is a multi-factor authentication device that protects numerous systems, networks, and applications from common cyber attacks with just a simple touch. With support for multiple authentication protocols, YubiKeys are powerful and flexible enough to secure a wide range of applications including: computer logins, remote VPN, identity access management platforms, password managers, and popular online services such as Google, Dropbox and Facebook.