Latest news with #YubiKey
Malaysian Reserve
2 days ago
- Business
- Malaysian Reserve
Stina Ehrensvärd from Sweden named EY World Entrepreneur Of The Year™ 2025
MONACO, June 6, 2025 /PRNewswire/ — Stina Ehrensvärd, founder of Yubico, was named the EY World Entrepreneur Of The Year 2025 at an award ceremony held in Monaco's Salle des Etoiles. Stina was selected from among nearly 5,000 program participants that included 52 winners across 43 countries and jurisdictions competing for the global title. She is the fourth woman to hold the title and first winner from Sweden in the award's 25-year history. Stina is a natural business leader whose determination, drive and innovative mindset has created exponential growth for her company and a lasting impact on Sweden and its people. She has built an industry-leading and highly profitable company that has set new standards for internet security. Through her unwavering commitment to creating a safer and more secure world, Stina has successfully driven systemic change — protecting digital identities, strengthening democracy and building global trust in the connected world. In 2007, she co-founded Yubico, a company with the mission to make the internet safer for everyone. Within a year the company launched its first YubiKey, a physical security key for multifactor authentication (MFA), and over the next five years, it transformed the entire cybersecurity landscape by securing work with three of the biggest technology companies in Silicon Valley. Since then, Stina has scaled Yubico to where it now protects 19 of the world's 20 largest internet companies and its compound annual growth rate (CAGR) has been 40% since 2020. Janet Truncale, EY Global Chair and CEO, says: 'Stina Ehrensvärd exemplifies the spirit of entrepreneurship, a visionary leader who is confidently shaping the future through these disruptive times. Her achievements at Yubico are remarkable on their own – consistently creating new value and making a societal impact – but Stina's story goes much deeper. Her defining philosophy that a secure digital identity is a basic human right is exactly the type of purpose-driven leadership we look to celebrate with EY World Entrepreneur Of The Year. In this milestone year marking the 25th anniversary of the competition, Stina is a truly deserving world winner and an inspiration to us all.' Stina Ehrensvärd, co-founder of Yubico, says: 'I want to express my deepest gratitude to everyone who has played a part in making this moment possible. The incredible teams within our company, the unwavering support from EY and especially the EY team in Sweden, who have cheered me on and guided me throughout this journey. I'm committed to saving the internet for democracy, for free speech, for education, for all the beautiful things we can do with it. This recognition isn't the finish line. It's fuel. We are building a safer digital world, and I won't stop until that mission is fulfilled.' The EY organization hosts the annual World Entrepreneur of the Year event to celebrate the accomplishments of visionary leaders who are shaping the future with confidence, growing the economy and answering the call to address global challenges. The annual gathering brings together founders, CEOs and business leaders for a series of networking opportunities and workshops, culminating with the announcement of the EY World Entrepreneur of the Year. The EY World Entrepreneur of the Year 2025 was chosen by an independent panel of judges against four criteria: entrepreneurial spirit, purpose, growth and impact. This year's panel included a diverse and esteemed group of entrepreneurs from all over the world, chaired by Asif Ramji, Founder and CEO of Venture Worx. Notes to editors About EY EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. All in to shape the future with confidence. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients. Eric Minuskin EY Global Media Relations +1 908 770 9758 Photo – – View original content:
Yahoo
2 days ago
- Business
- Yahoo
Stina Ehrensvärd from Sweden named EY World Entrepreneur Of The Year™ 2025
MONACO, June 6, 2025 /PRNewswire/ -- Stina Ehrensvärd, founder of Yubico, was named the EY World Entrepreneur Of The Year 2025 at an award ceremony held in Monaco's Salle des Etoiles. Stina was selected from among nearly 5,000 program participants that included 52 winners across 43 countries and jurisdictions competing for the global title. She is the fourth woman to hold the title and first winner from Sweden in the award's 25-year history. Stina is a natural business leader whose determination, drive and innovative mindset has created exponential growth for her company and a lasting impact on Sweden and its people. She has built an industry-leading and highly profitable company that has set new standards for internet security. Through her unwavering commitment to creating a safer and more secure world, Stina has successfully driven systemic change — protecting digital identities, strengthening democracy and building global trust in the connected world. In 2007, she co-founded Yubico, a company with the mission to make the internet safer for everyone. Within a year the company launched its first YubiKey, a physical security key for multifactor authentication (MFA), and over the next five years, it transformed the entire cybersecurity landscape by securing work with three of the biggest technology companies in Silicon Valley. Since then, Stina has scaled Yubico to where it now protects 19 of the world's 20 largest internet companies and its compound annual growth rate (CAGR) has been 40% since 2020. Janet Truncale, EY Global Chair and CEO, says: "Stina Ehrensvärd exemplifies the spirit of entrepreneurship, a visionary leader who is confidently shaping the future through these disruptive times. Her achievements at Yubico are remarkable on their own – consistently creating new value and making a societal impact – but Stina's story goes much deeper. Her defining philosophy that a secure digital identity is a basic human right is exactly the type of purpose-driven leadership we look to celebrate with EY World Entrepreneur Of The Year. In this milestone year marking the 25th anniversary of the competition, Stina is a truly deserving world winner and an inspiration to us all." Stina Ehrensvärd, co-founder of Yubico, says: "I want to express my deepest gratitude to everyone who has played a part in making this moment possible. The incredible teams within our company, the unwavering support from EY and especially the EY team in Sweden, who have cheered me on and guided me throughout this journey. I'm committed to saving the internet for democracy, for free speech, for education, for all the beautiful things we can do with it. This recognition isn't the finish line. It's fuel. We are building a safer digital world, and I won't stop until that mission is fulfilled." The EY organization hosts the annual World Entrepreneur of the Year event to celebrate the accomplishments of visionary leaders who are shaping the future with confidence, growing the economy and answering the call to address global challenges. The annual gathering brings together founders, CEOs and business leaders for a series of networking opportunities and workshops, culminating with the announcement of the EY World Entrepreneur of the Year. The EY World Entrepreneur of the Year 2025 was chosen by an independent panel of judges against four criteria: entrepreneurial spirit, purpose, growth and impact. This year's panel included a diverse and esteemed group of entrepreneurs from all over the world, chaired by Asif Ramji, Founder and CEO of Venture Worx. Notes to editors About EY EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets. Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow. EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories. All in to shape the future with confidence. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Information about how EY collects and uses personal data and a description of the rights individuals have under data protection legislation are available via EY member firms do not practice law where prohibited by local laws. For more information about our organization, please visit This news release has been issued by EYGM Limited, a member of the global EY organization that also does not provide any services to clients. Eric Minuskin EY Global Media Relations +1 908 770 9758 View original content: SOURCE EY Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Techday NZ
6 days ago
- Business
- Techday NZ
Exclusive: Yubico's Ronnie Manning discusses the importance of 'the human touch'
Artificial intelligence may be taking centre stage when it comes to digital innovation - but when it comes to cybersecurity, Ronnie Manning says the strongest defence remains "reassuringly human." "From a security standpoint, it still holds that we have to be able to prove in this world of AI that we're still human," Manning, Chief Brand Advocate at Yubico, explained during a recent interview. Manning highlighted the increasing sophistication of phishing, deepfakes, and identity spoofing powered by AI - threats that traditional security measures like passwords and SMS codes can no longer withstand. "Basic authentication just isn't enough," he said. "Traditional passwords are reused, stolen, and easily guessed. One-time passcodes can be intercepted or socially engineered out of someone. But you can't trick a YubiKey." The YubiKey, a small USB or NFC-enabled device, provides what's called phishing-resistant authentication. Unlike password-based systems, it cannot be accessed or triggered remotely. The key must be physically tapped or inserted to function. "There's no extractable code that can be stolen or shared," Manning explained. "It 100% requires that human touch." As Chief Brand Advocate, Manning is focused on awareness and education around how physical keys are emerging as a first line of defence. The push comes at a time when AI is reshaping both cybercrime and cybersecurity alike. "Everything at RSA this year was about AI," he said, referring to the global security conference held in San Francisco. "But among all that innovation, the question remains: how do we prove we're real people accessing our own accounts?" Yubico's answer is a physical key that seamlessly integrates with enterprise and consumer services. Platforms like Microsoft, Google, Okta, and countless others have adopted native support for security keys. "It's like a house key," Manning said. "You have to physically have it to get in." Two-factor authentication with a physical key is already seeing adoption beyond the tech sector. Cathay Pacific, the Hong Kong-based airline, introduced passkey login for its loyalty programme in May this year, bringing passwordless access to its customers. Meanwhile, Air New Zealand has supported physical security keys for over a year - and explicitly lists YubiKey as a recommended device for securing accounts. "Security keys are devices or features used to enhance the security of your online account," Air New Zealand's own guidance reads. "A physical security key, like YubiKey, is a small and portable hardware device that you can carry with you to verify your identity." The airline provides step-by-step instructions for linking a YubiKey to a frequent flyer account - including purchasing a key, enabling the security feature, and completing log-in via a physical tap. For Yubico, this kind of adoption is a major milestone. "You love to hear that," said Manning. The appeal is growing as AI-driven scams evolve rapidly. Whether it's cloned voices used in social engineering calls or websites mimicking familiar services with near-perfect accuracy, Manning said the pace of attack sophistication is outstripping traditional defences. "We're seeing deepfake video, phishing emails, fake reset pages - all of this can now be spun up instantly," he explained. "But if I don't use passwords or one-time codes, those attacks fall flat." Manning emphasised that YubiKey technology goes beyond just human interaction - it also verifies the authenticity of the services being accessed. "It actually checks if the login page is the correct origin before sending a credential," he said. "So even if an attacker builds a perfect replica of, say, a Google sign-in page, the key won't trigger unless the destination is verified." Crucially, the YubiKey ecosystem is expanding. Manning noted the steady rise in support for passkeys - cryptographic credentials designed to replace usernames and passwords altogether. Stored either on a YubiKey or securely in device-based password managers, passkeys remove the weakest link in digital authentication: the password itself. "We want to eliminate passwords. We want people to have the highest level of security delivered in an extremely easy experience," he said. "With a YubiKey, all I have to do is touch the device and I'm securely logged in." Enterprises are beginning to take note, with many deploying YubiKeys across their entire workforce. "The goal is to make every employee phishing resistant, which ultimately makes the enterprise phishing resistant," Manning said. And the strategy works just as well at home. Yubico encourages individuals to use YubiKeys for personal accounts and even secure their password managers with the device. "Good hygiene at the office can blend with good hygiene at home," Manning explained. Looking ahead, Yubico is focused on further expanding passkey support. "We're working with partners to get passkeys into as many apps and services as possible," Manning said. "Every week, new platforms are coming on board." But no matter how advanced the tools or how rapid the AI breakthroughs, Yubico's core philosophy remains rooted in the physical - and personal. "We want organisations to feel confident that the people accessing their systems are the right people," said Manning. "In a world of AI, the human touch still matters most."
Atlantic
22-05-2025
- Atlantic
The Secrets of the World's Greatest Privacy Experts
You could easily mistake Alec Harris for a spy or an escaped prisoner, given all of the tradecraft he devotes to being unfindable. Mail addressed to him goes to a UPS Store. To buy things online, he uses a YubiKey, a small piece of hardware resembling a thumb drive, to open Bitwarden, a password manager that stores his hundreds of unique, long, random passwords. Then he logs in to a subscription service that lets him open virtual debit cards under as many different names as he wishes; Harris has 191 cards at this point, each specific to a single vendor but all linked to the same bank account. This isolates risk: If any vendor is breached, whatever information it has about him won't be exploitable anywhere else. Harris has likewise strictly limited access to his work and personal phone numbers by associating his main phone with up to 10 different numbers. He has burner numbers and project-specific numbers, a local-area-code number to give out to workers coming to his house, a dedicated number for two-factor authentication, and a number from a city where he previously lived that he doesn't use much anymore but is helpful for ambiguating his identity in databases. He has additional numbers that, through a fancy hardware modification, even his mobile carriers can't associate with the device. He can also open multiple browser sessions on the phone, each showing a different IP address, which limits tracking and prevents websites from aggregating information about him. In a safe at home, Harris keeps prepaid anonymous debit and gift cards (Google Play, Apple Gift), prepaid SIM cards, phones for use in Europe, a Faraday bag (to shield wireless devices from hacks and location tracking), a burner laptop, and family passports. He also carries a passport card, a wallet-size government-issued ID that, unlike a driver's license, doesn't show his address. When using Uber, he provides an intersection near his house as his pickup or drop-off point. For food deliveries, he might give a random neighbor's address and, after the order is accepted, message the driver, 'Oops, I typed out the address wrong. Let me know when you're here, and I'll run out.' Harris is the CEO of HavenX, a firm that provides its clients with extreme privacy and security services. It was spun off from Halo, which focuses on government clients, in 2023. HavenX customers, some of whom pay tens of thousands of dollars a month, typically face serious threats. Some are celebrities or ultra-wealthy families. Others are business executives—interest from this group has risen since the killing of UnitedHealthcare CEO Brian Thompson last year. The recent Signal leak, too, in which the editor in chief of this magazine was erroneously added to a high-level Trump administration group chat, triggered more than a few corner-office freak-outs. Many HavenX clients come from the cryptocurrency world: Some made a fast fortune and, because they can't park their crypto in a bank, are unusually vulnerable; some run crypto companies and are seen, accurately or not, as controlling access to other people's digital wealth. The recent crypto-market boom has brought a wave of kidnappings, in which some crypto owners have even been held for ransom or tortured into surrendering the keys to their coins. Harris said the first quarter of this year was HavenX's busiest since the spin-off. Lots of companies, including giants like Kroll, are in the security business, but HavenX has positioned itself as a boutique solver of exotic problems. During one of our conversations, Harris mentioned a recent case where the chief information-security officer at a large company with its own intelligence team called him. An executive at the company was being extorted, and the company's investigators had managed to link the extortionist to an X account, a Telegram number, and an African phone number, but they hadn't been able to learn their real-world identity. 'That's where their capability stops,' Harris said. 'It's where we say, 'That's interesting,' and we start.' Harris's own privacy concerns are less acute, but he takes both a professional's and a hobbyist's interest in cloaked living and finds it useful to have direct experience with methods he recommends to clients. He lives with his wife, Ellyn, a psychotherapist, and their two sons on an affluent edge of Washington, D.C., in a greige clapboard house tucked away on a street that doesn't get much traffic. A basketball hoop stands at the end of the driveway. When I visited earlier this year, snow covered the front yard, and a braided-rope bone and a red Kong chew toy were half visible. A tall, fit 43-year-old, Harris answered the door with a welcoming smile. I had been able to find the house only because he told me the address in advance. When I'd looked up his name in a paid database where you can reliably find such information, I'd seen other addresses for him but not this one. After Harris gave me the address, I searched for it and found only the name of a trust. Also: Harris doesn't have a dog. The toys out front were for show, a subtler version of a fake home-security-system sign. From a cabinet in his office, Harris pulled a sheaf of legal documents and began to show me how he managed his double life. Achieving residential anonymity had been a process. When he bought the house, he'd set up the trust using a close friend as the trustee; once the home purchase was complete, the friend resigned and named Harris as his successor. Mail sent here, including near-daily Amazon deliveries, is addressed to either the trust or some other name, whether a random pseudonym Harris used when filling out a form or something generic like 'postal customer.' He showed me a holiday card he'd received at the house the day before, and a text exchange from that morning with the friend who'd sent it. 'Thanks so much, love the pic on the back,' he had written. 'Small favor. Our address is unlisted. So would you mind using this for mail.' Harris had then typed the address of the UPS Store. 'Anything with our names on it goes there.' At least one such holiday-card misdirection occurs every year. 'This is a super-nice family, and I want them in our lives, and so I want to be nice about it,' Harris told me. As we sat there, a text came in from the friend, affirming that from now on, he'd use the other address. As Harris walked me through the esoteric gear and practices that let him live as if he's in Witness Protection, there was a tinge of excitement in his manner, like he was a guitar enthusiast giving a tour of his home studio. Harris is instinctually private. He recalled his mother asking him how school was one afternoon when he was 5. 'Fine,' he said. That evening, when she was giving him a bath, she found stitches in the back of his head. He'd fallen at school. 'This is 1987,' Harris said, 'and the school just didn't call.' Today he has professional reasons for not being easily accessible, and his precautions have been effective. After a breach last summer, several HavenX clients who hadn't done full privacy resets received an email with a picture of their house and an accompanying message: You've been watching porn. Pay us one bitcoin and we won't tell your employer. 'And so my wife got one of those,' Harris recalled, 'and I was so pleased 'cause it had a picture of the front of the UPS Store.' It's extraordinarily hard, when every one of us is ceaselessly flaking off informational DNA, to live privately. And if you're targeted by a nation-state with a signals-intelligence dragnet, forget it: Your face, or voice, or gait, or how you move your mouse will betray you. A properly equipped snoop using a method called Van Eck phreaking can replicate the contents of your laptop screen from an adjacent hotel room, even if your computer isn't equipped for Wi-Fi or Bluetooth, by detecting variations in electromagnetic radiation. The Pentagon has tested an infrared laser, Jetson, that can nail your identity from 200 yards away based on your signature heart rhythms, a Department of Defense official involved with the project told MIT Technology Review. Jeff Bezos claimed he was phished by Mohammed bin Salman, crown prince of Saudi Arabia, who allegedly infected the world's third-richest person's phone with spyware via a video attachment in a WhatsApp message. If Bezos was right—the Saudi embassy denied it and an FBI investigation was inconclusive, but UN experts believe the crown prince was likely the culprit —then what hope do the rest of us have? From the May 2022 issue: The price of privacy But for most people, Big Brother is a multinational corporation, thanks to our blithe surrender of privacy over the past two decades in return for conveniences such as free email, supercomputers in our pockets, same-day package delivery, and the names of third and fourth cousins we'd never heard of before. We now inhabit a panopticon of doorbell cameras and traffic cameras and Google Street View cameras and police body cameras and phone cameras and retail security cameras and the cameras of Mark Zuckerberg's Ray-Ban Meta 'smart glasses'; of geolocating phones and AirTags; of eavesdropping Siris and Alexas. Apps and mobile carriers can pinpoint not just what building you're in, but which floor you're on, by using your phone's barometer and GPS, and the strength of your signal. Much of that information is sold almost instantaneously through an automated shadow economy of location-data brokers. So is your precise behavior in stores such as Walmart, where unseen Bluetooth beacons record which products you linger in front of. So are countless other details about you that you may or may not want people to know. And in the past few years, as corporations have become more and more dependent on cloud storage, the number of data breaches in the United States has exploded, nearly doubling from 1,801 to 3,205 annual incidents from 2022 to 2023, according to the nonprofit Identity Theft Resource Center. Most of us—ignorant, indifferent, overwhelmed—shrug. At best, maybe we half-heartedly comply with a 'Five Things You Need to Do Right Now to Protect Yourself Online' LinkedIn thread, such as using a password manager and two-factor authentication. Others, including Harris and his clients, have taken more radical steps, and they have done so by drawing, knowingly or not, from the tradecraft of a former cop named Michael Bazzell. It was from Bazzell that Harris learned how to set up his trust and got the ideas for the passport card and the dog toys. On a bookshelf in his home office, alongside Jaron Lanier's You Are Not a Gadget, is Bazzell's exhaustive guide to this dark 21st-century art: Extreme Privacy: What It Takes to Disappear. Bazzell is something of a real-life Ed Galbraith, the Breaking Bad character known as the Disappearer, who sells and repairs vacuums by day, and by night sets people up with new lives and identities. Unlike Galbraith, who offered his services to fugitives, Bazzell consulted for law-abiding people who wanted to be unfindable by strangers. Some were government officials who'd put violent people behind bars or been swarmed by online mobs. Some were entertainers who wanted to be famous but also have peace of mind. Some were targets of deranged obsessives, such as homicidal exes. Some were dangerously rich. And some simply objected to the nosy predations of surveillance capitalism. Bazzell also published several thick editions of his privacy bible and recorded hundreds of podcast episodes on topics such as 'Lessons Learned From My Latest Doxxing Attack' and 'Consequences of Product Refunds.' Over time, he developed an audience that was similarly enthralled by privacy and excited by the rigor and creativity he brought to the subject. Issues of his Unredacted extreme-privacy e-zine would typically get more than 60,000 downloads. Then, in September 2023, all 300-plus episodes of his podcast vanished from the internet, and Michael Bazzell disappeared. Devoted fans speculated that he had died, had been abducted, was in a foreign prison, or had had a nervous breakdown. Two months later, he published a blog post, ' My Irish Exit,' explaining that an opportunity had come up for him to spend three months as an 'imposter' in the world of the rich and famous, which he normally served but otherwise kept at a distance. 'What's next? I am not ready to share that, and may never go public with it. I have my aliases established. The shell company is in place. The anonymous payment account is ready.' He continued, 'The better question is, what is YOUR next chapter?' His website kept operating, but it said Bazzell's firm was no longer taking on new clients. Bazzell had had his own awakening in 2001, as an Illinois beat cop turned cybercrime detective. His work had led to the arrest of a local elections official for soliciting sex from a 14-year-old girl. Amid the ensuing media coverage of that and similar arrests, internet anons made death threats against Bazzell, and he was shocked to learn how easy it was to find his home address online. Soon after, browsing at the library, he discovered How to Be Invisible, a book by a missionary named J. J. Luna. Assigned to the Canary Islands in the 1960s, when Spain's Franco government was persecuting Protestants, Luna was forced to live undercover. When he returned to the U.S. in 1988, he decided to maintain his private lifestyle and publish a book showing others how they might do the same, using LLCs, 'ghost addresses,' and other tricks. Bazzell resolved to execute all of the practices Luna recommended, effectively going off the grid. Over time, student surpassed teacher. Bazzell pioneered or updated many of the privacy hacks now taken as standard. To obtain an ID without betraying one's location, Bazzell recommended establishing residency in South Dakota, which is distinctly friendly to year-round RVers and other nomads. For sending mail without divulging your address, Bazzell preferred a private remailer service also based in South Dakota. He was a proponent of 'data poisoning'—the deliberate spreading of disinformation about oneself by, for instance, subscribing to magazines or signing up for internet service using false personal details—to make it harder for anyone to locate your real information. He helped clients with the financial means obtain second citizenships. His podcast often focused on products he'd been testing that were privacy-enhanced alternatives to mainstream devices and apps, such as Tuta (an email and calendar service), Linux Pop!_OS (an operating system), and MySudo (an app for managing online identities). Though he catered to people in dire situations, Bazzell also experimented on himself. To ensure that his cellphone was never associated with his address, he kept it off and in a Faraday bag until he arrived at a four-way intersection some distance from his home. He submitted a fake obituary for one of his aliases to Mindful of the increasing prevalence of automated license-plate readers on tow trucks, taxis, police cars, and other vehicles, he used magnetic license-plate holders and removed his plates whenever he was parked somewhere overnight. Forgoing cloud storage, he backed up his data on a flash-memory card the size of a fingernail, concealed the card in a hollow nickel, and then, while in the bathroom at a friend's house, unscrewed an electrical plate and hid the coin behind it. (When he later needed to access the backup, he had to call the friend and reveal what he'd done.) He set up a bait website with his real name and connected it to some analytics software in order to glean information about who was doing searches on him. He'd routinely investigate himself, scouring databases to make sure he couldn't find actionable information on his own whereabouts. To throw off gait-recognition systems, which have popped up in Beijing and Shanghai, among other places, he tried wearing two sizes of the same shoe. All the while, Bazzell remained a cipher. He never revealed where he lived or spoke of his personal life, and you couldn't easily find a photo of him. But several years ago, he befriended a writer and podcaster named Javier Leiva, and three episodes of Leiva's own podcast, Pretend, focused on Bazzell and his work. It proved a tricky project. 'We all use Google apps,' Leiva told me. 'That did not fly with Michael Bazzell. We had to use encrypted note-taking apps. It was a process. Nothing was easy.' Leiva recalled Bazzell saying that when he attended his sister's wedding, he prearranged for the photographer to keep him out of shots. On a recent Sunday, after several weeks of back-and-forth mediated by one-named associates of Bazzell's ('Laura,' 'Samantha'), and after I gave an assurance that I wouldn't record our conversation, Bazzell called me on Signal from a number he told me he'd created just for our interaction and would become useless 10 minutes after it ended. We spoke for more than an hour, and he cleared up a few things. Leiva had speculated to me that Bazzell kept his podcasts off the internet because of a concern about voice cloning, but Bazzell gave a simpler explanation: Much of the information was now out-of-date. 'I enjoyed it,' he said. 'But the market is saturated now. There are so many YouTubes and podcasts.' On the subject of tradecraft, Bazzell also told me that he follows what privacy people call a 'gray man' strategy—doing whatever he can to not draw attention. 'I don't wear logos on my clothing,' he said. 'If I'm in New York, I'm probably wearing a lot of dark-gray clothing to blend in. On a Caribbean island I don't, because it would stick out.' Nor will you find him driving a Cybertruck; he opts for popular cars in popular colors. An irony of the life he's chosen is that out-of-date tech can make for the most up-to-date privacy strategy. He tells clients not to back up their home security cameras to the cloud. Instead of using Spotify, he listens to music on a portable player with a 1.5-terabyte card holding 'every album I can imagine wanting.' Neighbors who know Bazzell's real first name don't know his last. Some of the people who work for him have met him, but none of them are employees. Each of his 'colleagues,' as he calls them, has an individual LLC. He doesn't know their Social Security numbers or dates of birth. He wants them to understand privacy by practicing it. Bazzell has long spoken about 'privacy fatigue,' an avocational hazard given the constant vigilance that extreme privacy measures entail and the technological complexity they can involve, but after 20 years, he told me, it doesn't affect him anymore. Recently, he's been working on ways to inject false information into the troves of breached data that surface on the internet. Although it has become harder than ever to be private, 'the good news is, more people are grasping the concepts,' Bazzell observed. 'People now understand why us privacy weirdos have been making noise about this for so long.' There's a cost to living this way. To do it right, severing your present self from the history you've accrued in corporate databases, requires a complete reboot. This means either becoming fully nomadic or moving homes and implementing privacy from day zero of your new life. You must consider everything from your car's registration to your house's utility hookups, and the measures required to prevent a misstep can be comically elaborate. A reboot is common in Bazzell world. Alec Harris did one too. Because utilities want to know who's going to be paying the bills at a particular residence, Harris, when setting up water and gas, offered a $500 deposit and, to persuade the customer-service reps to forgo a personal name on the accounts, claimed he was a property manager named Tom. 'The owner's a nutjob, so help me out here,' he told the technicians. 'And they were like, 'Okay.'' Buying a car presents special difficulties. Harris likens them to cellphones for how they collect and upload information—about your location and driving behaviors, among other things. A work-around Bazzell likes is to buy fleet insurance (designed for companies that operate a fleet of vehicles), which you can do through a business entity, but that approach is expensive. Instead, Harris followed a detailed script laid out by Bazzell, calling a dealer to say he wanted to come in for a test drive, then canceling at the last minute, then calling again when he was outside the dealership and trying to fast-talk a salesman into forgoing the usual ID check. They looked at him. 'They were like, 'Yeah, you're not getting in the car without scanning your driver's license,'' Harris recalled. 'My attempt at social engineering was not going anywhere.' He handed over his ID. To buy the car, Harris ended up registering it at an alternative residence, but when he asked whether the dealership could disconnect the built-in GPS, he was told the car wouldn't run without it. The rudiments of daily life can also be cumbersome. Harris recalled setting up a new TV with Disney+ and having to undo some autofilled information and replace it with his abstruse AnonAddy email address, then typing out one of his extra-long passwords only to get a character wrong and have to start over—all while his young children became antsy. 'And so then you've got two kids sitting there, and they're like, 'I want Domino's,' and 'I want to watch Mulan.'' He laughed. 'That's the price you pay.' Sometimes the price is literal. None of the purchases Harris makes through earns credit-card points. 'Maybe over the course of some period of time, that means we're paying for an extra flight somewhere,' he said. He has Amazon Prime, but he can't use its discount at Whole Foods, because he doesn't want to use their verification methods. There can be more significant financial consequences as well. 'My credit score has decreased,' Bazzell said. 'Getting a loan would be difficult. Some consumer databases show me as deceased.' Harris has also sacrificed convenience. Some of the alt-tech he uses, such as the search engine DuckDuckGo, isn't always as effective as the mainstream tools. 'Sometimes you just need to Google something,' he said. Then there are logistical frictions. Once, at Dulles Airport en route to a wedding in Toronto, he wasn't allowed through security, because his passport card, although valid for overland entry to Canada, wasn't acceptable for international air travel. He had to change his family's flights and run home for his passport. I confessed that I was already confused. How, for instance, did he remember which of his 10 phone numbers to use for what? 'Yeah, I don't know,' he replied. 'It is confusing. And if you were a new client, I would not be dumping this much. We would be starting a little slower.' Living this way, he acknowledged, incurred a '20 percent cognitive' overhead. As Harris drove us to lunch, we stopped at the UPS Store, where his mailbox was empty. Harris gestured toward the guys behind the counter, whom he and Ellyn had befriended, often ordering food for them during the pandemic. That generosity could make a difference when, say, a letter addressed to the trust came to the mailbox held under his and Ellyn's names. Though UPS wouldn't normally deliver that letter, 'they let it slide,' he said. Harris has a client in Florida who is diligent about following privacy protocols but is also quiet and a little gruff. 'I was like, 'You've got to be nice to these people,'' Harris recalled. ''You come off as kind of not warm, and so you need to turn on the charm a little bit.'' This is the behavioral side of privacy. If you're committed to being private, you can't indulge your everyday asocial tendencies. Imagine, Harris will say to a client, doing all of this work, then getting into a fender bender: If you start yelling at the other driver, and the accident gets reported to an insurance company, and a plaintiff's lawyer gets involved, you could find yourself being subpoenaed for documents and more generally having your life probed. Instead, Harris told me, you just need to be like, 'Hey, so sorry, let's take care of this.' Harris told me it's important to have 'repeatable privacy excuses'—lines to disarm people who might deem a request suspicious. The fictional property manager is one of his. Another is that he works in the privacy business. But he's uneasy with the constant fibs recommended by Bazzell, who has sometimes told whoppers, such as describing his adult client as a child under the age of 13 in order to get her name and address removed from a website. During his time in D.C., Harris said he's known people who previously worked undercover for the government, and has observed the mental and spiritual costs of living inauthentically. 'I don't need to subject myself to that, and I definitely wouldn't want the kids or my wife to have to live like that,' he said. People who'd lived double lives told him they'd kept their personas '90 percent real, 10 percent fake,' he said. 'It's just easier.' He told me he hadn't used the property-manager excuse in years. It turns out that the guy coming over to help you with a water leak generally doesn't even ask your name. 'I don't have to do a whole story,' he said. 'I'll just say, 'Hey, do you want a cup of coffee?' And we're good.' Privacy remains a game of haves and have-nots. Harris explained that the majority of HavenX's clients are in the U.S., partly because many of its techniques are specific to the country's unique patchwork of federal and state privacy laws. A person who goes by the name 'M4iler,' a privacy hobbyist based in the Czech Republic whose phone numbers include one that leads to a recording of Rick Astley's 'Never Gonna Give You Up,' told me, 'What Michael Bazzell says is great, and I assume works perfectly in the U.S. if you follow the steps, but laws are different in other countries.' A company doing business under an alias, for instance, isn't an option there. 'So that's kind of a problem,' he told me. Celebrities have both advantages and disadvantages when it comes to privacy. Harris noted that if you're as famous as, say, the Rock or Christina Aguilera, 'as soon as you move in, everyone on this block is going to know who you are, as soon as the paparazzi follow you home one night.' But also, he added, they 'get to do things that I don't need to or couldn't do.' Matt Bills, who is based in Los Angeles and handles the physical side of privacy for HavenX clients, has relationships with concierges at top hotels. 'He'll be like, 'The Rock's coming,'' Harris said. 'They open up the back door.' Bills told me about a client for whom he'd arranged to have two identical Gulfstreams on an airport's tarmac, with a fuel truck next to each and a staircase in the middle. They decided which plane the client would board only at the very last minute. Strong privacy is a luxury good. A rich person can rent an extra apartment just to use as a mailing address; most of us cannot. HavenX's entry-level service might cost a couple thousand dollars a month, 'but it can get up into the tens of thousands a month very quickly,' Harris told me. When I asked which services might cost that much, he mentioned people who need 24/7 monitoring of the dark web for particular information, like a CEO who wants to know immediately if a specific combination of terms shows up in a data breach—such as his name along with his child's name and the name of the child's school. Others, with fewer resources, might sacrifice the normalcy of their lives. Jameson Lopp is a software engineer and bitcoin booster who was living in Durham, North Carolina, when, in 2017, local police received a call from someone who said he had just killed someone at Lopp's address, was holding hostages, and had rigged the front door with explosives. Lopp's house was soon surrounded by dozens of rifle-brandishing police. He'd been a victim of ' swatting ': a dangerous hoax in which a false report is made to trigger a law-enforcement response to a specific address. Afterward, Lopp resolved not to let something like that happen again. Over the next several years, he spent by his estimation more than $100,000 to effectively disappear, going so far as to rent a decoy apartment and hire private investigators to test his defenses by trying to find him. Now he runs security for Casa, a company he co-founded that offers safe storage for digital assets. Even his family members don't know his address, he told me; if they're visiting, he'll pick them up at another location and then bring them to his house. His neighbors know him by a different name, and he segregates his relationships, never socializing at the same time with people who know his real name and people who know him by an alias. 'A big part of what I do is lying,' he told me, 'and I think that that's one thing that a lot of privacy advocates don't really talk about: If you really want to be private, you have to get comfortable with lying. You have to think of it as a tool that you're using to defend yourself.' Lopp wouldn't tell me whether he has a spouse or children, but he observed that privacy 'becomes an order of magnitude more complex as you add more people into the machinations,' adding that 'it very much lends itself to a lone-wolf type of lifestyle.' 'What do you think of our life?' Ellyn Harris asked me. She smiled warmly. 'Do you think we're so weird?' Alec's wife, between Zoom appointments, had joined us, and we were talking about raising a family inside a privacy cone. Alec had eased Ellyn into privacy practices, starting with the Bitwarden password manager. 'I remember sitting with him on our couch in D.C., in our old condo,' she said, 'being like, 'This seems really hard. I don't know if I want to do this. I just want everything to be the same word with the same numbers, and I use an exclamation point at the end, so that makes me unique; no one will ever find out. And I capitalized the first letter, so we're fine.'' She laughed the wry laugh of a privacy vet making fun of her younger self. But then Alec got her some hidden phone numbers. 'I didn't even think about that,' she recalled. 'That was just a way to sneak privacy into my life.' Now living privately no longer feels like such a big deal, and she's come to appreciate the emotional security that goes with it. 'She was wildly supportive,' Alec interjected. 'You do just get used to it,' Ellyn said. Using tools that at first seem unwieldy, like a password locker, comes to feel easier than not using them. I wondered, given her work in mental health, whether she thought Alec ever edged into paranoia. 'There's this idea in psychology called a learned phobia,' she said, 'where, for example, if you observe someone who has a fear of flying often enough, you could actually absorb that fear and that can become yours. So Alec's paranoia has become mine. So that means we'd both be worthy of diagnosis.' 'We could be in the same mental institution,' Alec said. 'I mean, that's the dream, right?' Ellyn said. With workers who came to the house, she started using just her middle name, Leslie, but one time James, the older of their elementary-school-age sons, said, 'That's not your name.' 'Oh my God, James, don't blow my cover,' she said, before explaining to the workman that it was her middle name. But she was clearly not quite as committed as Alec. Whenever a visitor nervously asked where the dog was, Alec would say it wasn't home at the moment. 'Oh,' Ellyn said, laughing. 'I'm just like, 'We don't really have a dog.'' Children presented several more layers of complexity. To register with the local public school, which required proof of residence, Alec had met with the admissions director, trust documents in hand. 'She had been in this job for a long time,' Alec recalled. 'She was like, 'This is a first.' She was super nice.' Ultimately, he showed the school where the family lived, and the school agreed not to put the home address in the school directory, and to use the UPS Store address for any mailings. Ellyn still frets when arranging playdates—she's trying to make mom friends—but if a mother asks for her address, she's gotten used to sending a pin drop. When one mom put the Harrises' address in her contacts, Ellyn found herself saying, ''I'm so sorry, but could you not do that?' And that's weird. But the thing is, I just tell them that Alec works in privacy.' And because they live in the D.C. metro area, she went on, 'people kind of get it.' Both Alec and Ellyn are personable, and Alec felt this was also important to the success of their privacy. 'I would say other than in this area, we're not very weird,' he said. 'If we were eccentric in all areas of our lives, it would be harder to pull off.' They know bigger questions loom as their kids get older. One of the more challenging cases Alec has worked on is that of a 'very, very wealthy guy' who was involved in the prosecution of a cartel leader, and whose daughter is a young artist who's starting to achieve some success. 'Some days she's like, 'Fuck you guys, I'm going to be famous,'' Alec said. 'He also wants to enable his daughter to have a regular life.' It's proved to be a difficult project, he added. 'They've moved twice.' For now, the Harrises' sons are young enough that they're more interested in whether a package contains Legos than whether it's addressed to a peculiarly named trust. 'Our older one has a little bit of a concept of it'—privacy—'but it's not their thing to carry,' Alec said. 'We'll have to have some decisions, Ellyn and I will, when they get phones and stuff.' 'I think our older son still is kind of thinking that Alec is a security guard,' Ellyn said. But to her question: It's not that I thought their life was weird. I could relate, in a world of nearly inescapable surveillance, to the urge to disappear. But the ongoing, escalating effort required felt Sisyphean to me. And Alec would say that even his approach, which he'd described to me as 'extreme,' is a mere half measure. The writer Gabriel García Márquez said we all have three lives: a public one, a private one, and a secret one. 'I live in the division between public and private,' Alec told me. He and Ellyn are open with each other. They use a regular bank. They have friends. They send holiday cards. 'If you want to live a secret life,' Alec said, 'that's a decision that's going to have real consequences.'
National Post
20-05-2025
- Business
- National Post
Yubico More than Doubles Global Reach of YubiKeys for Enterprises to 175 Countries and 24 Territories, Simplifying Passwordless at Scale
Article content Sorry, your browser doesn't support embedded videos. Article content Article content Expansion of YubiKey as a Service subscription and YubiEnterprise Delivery supports rising demand for streamlined, cost-effective phishing-resistant deployments Article content SANTA CLARA, Calif. & STOCKHOLM — Yubico (NASDAQ STOCKHOLM: YUBICO), the leading provider of hardware authentication security keys, today announced the expanded availability of YubiKey as a Service to all countries in the European Union (EU). This allows organizations to be more agile and flexible in their adoption of phishing-resistant YubiKeys, and builds upon the company's existing reach in markets such as the United States, Canada, Japan, Singapore, Australia, India and the UK. Article content Additionally, the company announced the expanded availability of YubiEnterprise Delivery across 117 new locations around the world. Now totalling 199 locations (175 countries and 24 territories), this more than doubles existing delivery coverage of YubiKeys to both office and remote users in a fast and turnkey way. Article content 'Enterprises today are facing evolving cyber threats like Artificial Intelligence (AI)-driven phishing attacks,' said Jeff Wallace, senior vice president of product at Yubico. 'By expanding our global reach of YubiKey as a Service and YubiEnterprise Delivery to 175 countries, we're accelerating our ability to deliver and deploy device-bound passkey solutions that address the biggest threat facing businesses today from stolen login credentials. This expansion enables us to meet growing demand and accelerates adoption – enabling faster, more affordable delivery of pre-configured YubiKeys to markets like the EU and APJ, where regulatory pressures for phishing-resistant authentication are intensifying.' Article content Rolling out phishing-resistant, passwordless security just got easier for all EU countries through the expansion of YubiKey as a Service. This innovative service provides enterprises with flexibility and simplifies the acquisition and fast roll out of phishing-resistant multi-factor authentication (MFA) with impactful cost savings. The Yubico Enrollment Suite, available exclusively through this service, now enables enterprises in these markets to accelerate passwordless adoption and seamless user onboarding with pre-configured keys to their users. This includes Yubico FIDO Pre-reg for factory-programmed, pre-registered keys as well as YubiEnroll client for in-person onboarding via Okta and Microsoft Entra ID – with more identity providers (IdPs) to follow. Article content Through these offerings, Yubico is aligning security with operational efficiency– helping organizations future-proof their workforce against evolving phishing threats. Article content Getting hardware security keys into users' hands – anywhere – is critical and needs to be fast and easy. As part of YubiKey as a Service, YubiEnterprise Delivery helps organizations achieve this by providing IT teams with powerful capabilities to easily manage the delivery of hardware security keys to users, while accelerating the adoption of strong authentication. Article content Additionally, organizations gain critical visibility into available inventory and consumption patterns of YubiKeys to ensure identification of any gaps in protection against phishing attacks. YubiEnterprise Delivery will continue to make it easy and flexible for enterprises to adopt phishing-resistant MFA and passwordless that stops account takeovers and credential phishing threats. Article content For more information on YubiKey as a Service and YubiEnterprise Delivery, visit or contact our team today. For customers with a need to ship to more countries not currently on the supported list, reach out to your local Yubico representative here. Article content Yubico (NASDAQ STOCKHOLM: YUBICO), the inventor of the YubiKey, offers the gold standard for phishing-resistant multi-factor authentication (MFA), stopping account takeovers in their tracks and making secure login easy and available for everyone. Article content Since the company was founded in 2007, it has been a leader in setting global standards for secure access to computers, mobile devices, servers, browsers, and internet accounts. Yubico is a creator and core contributor to the FIDO2, WebAuthn, and FIDO Universal 2nd Factor (U2F) open authentication standards, and is a pioneer in delivering modern, hardware-based passkey authentication security at scale to customers in over 160 countries. Article content Yubico's solutions enable passwordless logins using the most secure form of passkey technology. YubiKeys work out-of-the-box across hundreds of consumer and enterprise applications and services, delivering strong security with a fast and easy experience. Article content Article content Article content Article content Article content Article content
