YubiKey’s new iOS SDK lets developers bring hardware 2FA to their apps
Yubico, the maker of the popular YubiKey hardware two-factor authentication (2FA) token, has announced the launch of its iOS SDK. This allows developers to bake truly secure 2FA (read: not based on SMS) into their apps, based on the company’s YubiKey NEO NFC-equipped hardware.
The company has also announced the first company to use the SDK in an app. LastPass, the popular LogMeIn-owned password manager, now lets iOS users authenticate using the YubiKey NEO device.
In a press release, YubiKey founder and CEO Stina Ehrensvard said: “It’s absolutely critical to have a hardware-based root of trust, like the YubiKey, to establish an approved relationship between a mobile phone and the apps we use.”
The hardware bit is important, because SMS-based authentication isn’t as secure as you might think (although it’s more secure than not using any form of two-factor authentication at all). A popular attack sees an adversary clone a phone number, thereby intercepting any one-time passwords sent to the victim.
This isn’t necessarily a complicated, technical process. It often involves little more than going to a phone company’s store and social engineering the sales assistant into issuing a new SIM card.