WONDER WOMAN IN CYBER
Stina Ehrensvard is the CEO and founder of Yubico. With a background in industrial product design, she is the co-inventor of the YubiKey strong authentication key, and a leading visionary behind FIDO U2F, FIDO 2 and WebAuthn open authentication standards.
Stina is an accomplished speaker on internet identity, security, and entrepreneurship, having addressed audiences at the Oslo Freedom Forum, CES, RSA, SXSW, Wired Security UK, and the White House Cybersecurity Summit, among others.
She has has been awarded many international accolades during her career, including most recently named as the Most Powerful Swedish Woman Entrepreneur 2018 by the Swedish Business Press.
Why did you get into cybersecurity?
I was signing up for online banking in 2005 when my husband Jakob, a white hat hacker, leaned over my shoulder and said he could write the code to hack and empty my account within hours. That’s when Jakob and I decided we had a mission – to build a security key that makes secure login easy and available for everyone. Three years later, we launched the YubiKey, with the vision of one single security key to access computers, phones, networks and online services—all in a simple touch. Now, 11 years later, the YubiKey is loved by 9 of the top 10 internet companies and used by millions of users in over 160 countries around the globe.
What cybersecurity issue is monopolizing most of your time or are you most concerned about?
Nearly every digital experience today requires passwords, an increasingly frustrating fact of life for businesses and users. For any one person there can be hundreds of sites and devices — both personal and business related — that require memorized passwords. This leads to poor password hygiene: shared and reused passwords. And it is a real cost for businesses managing, storing and resetting passwords for employees and end-users. Beyond the cost aspect, it’s reported that 80% of breaches are due to poor credential management, leaving billions of users’ personal information vulnerable.
With so many users and organizations at risk for compromise, we began working in conjunction with Microsoft, the FIDO Alliance and World Wide Web Consortium (W3C), to pave the way for FIDO2/WebAuthn, an open-authentication standard allowing for a secure, seamless and passwordless login experience. Use cases include retail, healthcare, transportation, finance, manufacturing, and more. Today, FIDO2/WebAuthn is deployed across several applications and services, but we still have not reached wide-spread adoption. My current mission is continuing to drive FIDO2/WebAuthn forward and encouraging additional applications and services to build support. As a leading contributor to the FIDO2/WebAuthn standards, we have an important responsibility to educate and lead the rest of the ecosystem to adopt these open standards. Not just for authentication, but eventually for payments, IOT and other use cases.
Stina's Cybersecurity Tip
Whenever possible, enable two-factor authentication. And even more importantly, use a security key as your method of authentication. Physical hardware security keys prevent against major attacks such as SIM swapping and phishing that other methods such as SMS text messages aren’t able to effectively prevent against. Taking this simple step now will save you a whole lot of headache later down the line.