I just discovered them
this morning. This is truly a genius idea.
You may be familiar with RSA SecurID
. Basically, it's a little electronic tag that has a little LCD display on it that changes every 60 seconds. In order to login to your network, you have to type in the current number. It's secure, but it has its problem.
Yubikey seems to solve those problems and more. Yubikey is a USB keyboard with one button. You push the button and it types in the one-time key. This avoids hardware keyloggers, and it avoids anyone getting the number just by looking at the key. All the software for dealing with these keys is open source, and they even have an OpenID server. So you can setup your own systems to use Yubikey without paying for any fancy servers. You can also use your Yubikey for many different sites, instead of just one site. You can also have a passkey or passphrase for your key, which gives you the very strong "something you have, something you know" security for your every day computing.
I'm totally ordering at least two of these. Anyone else want one? If we order 10 or more, we get $5 off.