Hardware security keys: a seatbelt for the Internet?
(Fortune Chinese-language site, 財富中文網) Translator: Agatha
Stina Ehrensvärd is creating "a seatbelt for the Internet." The CEO and founder of Yubico, a startup that designs online account-securing fobs, says as much as she enthusiastically slaps a package on a table at Fortune’s offices. Inside the plastic container: Her latest product. It’s the first Lightning-port compatible hardware security key. Translation: the first security fob that works with Apple’s latest iPhones, generations 5 and later.

Hardware security keys come highly recommended by security experts. They offer an additional layer of protection—a second-factor, in the parlance—over passwords alone. They’re generally more secure than sending a one-time code to your phone, or using a random number generating application to produce the codes. Services such as Twitter, Facebook, and Dropbox support the keys.

Before one dismisses the notion—why am I going to stick this dongle into my phone every time I want to log into one of my accounts?—Stina anticipates the objection. You only have to stick in the key every so often. Google lets you have a 30-day grace period. Other services give you more leniency. Besides: What's a minor inconvenience for so much peace of mind?

In calling her invention a seatbelt, Ehrensvärd is hearkening back to decades-old innovations at Volvo. In 1959, Nils Bohlin, an engineer at the carmaker, created the three-point seatbelt, which became the standard for safety across the auto industry. Instead of filing patents and keeping the life-saving design proprietary, Volvo chose to evangelize the innovation. Ehrensvärd, who is, coincidentally, also Swedish, aims to do the same with her invention.

"Even if you don’t write about Yubico, you should promote this standard," Ehrensvärd implores. She refers to WebAuthn, an open authentication standard that enables all this technology to work. She wants to raise awareness about the protocol so that more big tech companies roll it out. Apple only recently began adding compatibility after the World Wide Web Consortium, or W3C, an Internet standards body, gave its blessing to the tech. (You can test the keys out on the beta, or experimental, version of Apple's web browser Safari.)

Some security keys work without physical touch—no sticking keys in any ports. Instead, they use "near-field communication" or Bluetooth, two wireless telecom standards, to exchange authentication data. But Yubico won't touch Bluetooth, for fear of security issues, and Apple has so far refused to let outsiders tap into its NFC capability. So, no contactless YubiKeys for iPhone.

In considering this (hopefully temporary) impasse between Yubico and Apple, one might do well to remember that it wasn't the invention of the seatbelt that saved so many lives, but the convenience of the three-point strap design that Volvo's Bohlin pioneered. If and when Apple buckles up and lets companies like Yubico tap into NFC, as Google has long enabled on Android, we'll see real progress.