Technologies

Yubico's YubiKey

arrow icon arrow icon

Protect your accounts, go passwordless, and strengthen your multi-factor authentication – all with one simple touch.

""

The key to strong authentication for your organisation.

Balancing security and usability is a constant and costly challenge.

That challenge only grows when applied to a varied and disparate workforce.

Your employees and partners want easy access to the resources they need to get the job done – reverting to simplistic passwords that are easy to recall across multiple platforms and services.

The result: ‘123456’ continues to be the most used password across the globe (NordPass, 2021).

With YubiKey, you can make access easy for your users and eliminate the risk of account takeovers.

61% of hacking-related breaches involve compromised and weak credentials.

The 2021 Verizon Data Breach Investigations Report

Small but mighty: two-factor, multi-factor, and biometric authentication

Google, Facebook, and the UK government are amongst the thousands of organisations that rely on the YubiKey for simple, secure, and scalable hardware or biometric authentication.

YubiKey helps you:

  • arrow icon

    Manage computers, phones, networks, and millions of online services using one security device

  • arrow icon

    Gain strong, scalable authentication that eliminates account takeovers from phishing attacks

  • arrow icon

    Minimise the cyber risk for employees and remote workers across all systems and devices

  • arrow icon

    Add two-factor, multi-factor and/or biometric authentication – or go passwordless

123456 – How quickly can you count to a security breach?

Passwords, authentication software, and security codes are all vulnerable to modern phishing and man-in-the-middle (MITM) attacks.
 

Your challenges

Ebony coins on transparent background

Mounting costs

Password recovery, resets, and IT administration fees all add up – costing large enterprises 10s of millions.

Ebony and green stressed person icon on transparent background

Poor productivity

Long-winded multi-factor authentication processes slow you down and reduce your organisation’s output.

Ebony and green password protected laptop icon on transparent background

Vulnerability

Your passwords, SMS, and mobile apps are increasingly vulnerable to malware and hackers.

Ebony and green triple cogs icon on transparent background

Complexity

Secure hardware authentication systems can be complex to roll out, difficult to use, and hard to adopt.

Passwordless for security-more

You’ll benefit from:

Ebony and green speedometer icon on transparent background

Faster access

One, simple device reduces the authentication time for users.

Ebony and green piggy bank and pound icon on transparent background

Cost savings

Eliminating password resets cuts support desk costs by up to 90%.

Ebony and green key icon on transparent background

Simplicity

Access nearly 1,000 apps and services from one easy-to-use device.

Ebony and green hammer icon on transparent background

Robust protection

Compact and durable, Yubikey is water and crush resistant.

Ebony and green managed security operations icon on transparent background

Trusted protection

Millions of end users use YubiKey to simplify and secure their logins.

Ebony and green tick shield and globe icon on transparent background

Anytime, anywhere

YubiKey doesn’t need a network connection or batteries – just plug in and go!

FAQs – YubiKey

Expand the headings to the right to learn more about YubiKey functionality and features.

  • Windows Hello for Business and YubiKey work together and complement each other, giving you even more protection. Both provide methods of passwordless authentication, both improve security, and both improve the user experience.

    However, with YubiKey, the user credential is portable – which simplifies the enrolment process across different devices. It also means it doesn’t rely on a physical computer as the root of trust (a thumbs up for zero trust scenarios!), whereas Windows Hello for Business is tied to a single device.

  • Again, YubiKey and Microsoft Authenticator can be used together to complement each other and provide more robust security.

    However, YubiKey excels when it comes to phishing resistance. A YubiKey can secure privileged accounts, call centres, shared workstation scenarios, and BYOD restricted environments, where mobile phones – and therefore Microsoft Authenticator – are not acceptable.

  • You should use both. YubiKey will plug gaps in portability and phishing resistance as covered in the above answers.

    Ultimately, by simplifying your security and reducing demands on your IT departments, you are only going to save money in the long term.

  • Yubico and Microsoft, along with members of the FIDO Alliance and the World Wide Web Consortium (W3C), are lead authors of passwordless logins that are enabled by FIDO2 and WebAuthn authentication protocols.

  • To achieve strong authentication, you need to combine two or more authentication factors.

    With the YubiKey, you will combine something you have (a security key) and something you are (biometrics) or know (PIN).

    A PIN is fundamentally different from a password. A password is known by you and the remote server. It must be secured throughout the complete authentication sequence, as it’s vulnerable to attack vectors like password compromise, malware, password attacks, phishing, and MitM attacks.

    FIDO2 leverages asymmetric cryptography. The PIN is not shared, it is stored locally in the secure element of the YubiKey, and it is only used to unlock the security key.

  • The passwordless feature is available in all SKUs of Azure AD, which is bundled with Office 365 and Microsoft 365. You just need an updated WebAuthn compatible browser for web authentication.

    For workstation login, steps need to be taken to make sure the scenario is enabled but closely matches some of the requirements of Windows Hello for Business.

    There is no official FIDO2 support for workstation login on Mac from Microsoft. Should your organisation want to extend the capabilities of

    Active Directory for workstation login on Mac, with the option to have the same user experience as with FIDO2 passwordless, you’ll need to refer to official Yubico and Apple documentation or contact Yubico.

    Web authentication to applications and services through the browser is supported on Mac with YubiKeys.

  • 25 – but carefully consider which accounts are stored onboard a single device.

    For Windows 10 workstation login, if multiple Azure AD credentials are stored on the YubiKey, only one credential from a given Azure AD tenant can be used. The last Azure AD credential registered on the YubiKey will be used for workstation login.

  • Administrators can remove security keys on behalf of a user through the ‘user authentication methods experience’ in Azure AD. An administrator must enable this experience for themselves.

    Additionally, there are MS Graph API endpoints (fido2AuthenticationMethod) and PowerShell cmdlets to help manage user security keys. And users can use the GUI to remove their own keys.

  • We recommend you register two YubiKeys.

    If this is not possible, the Microsoft authenticator application can be used to authenticate as a backup. Once signed-in to your account, you can remove the YubiKey so nobody else can use it and register a new one.

    Your organisation’s helpdesk/administrators can define processes aligned to your internal processes.

tag icon

Join the mailing list

Ready to ‘Become greater’?

When you sign up to our mailing list, you’ll get the best content, expert resources, and exclusive event invites sent directly to your inbox.

Butterfly overlay image

We’re here to help you on your journey towards becoming greater. Get in touch to find out how.