The YubiKey lets you protect your accounts, go passwordless, and strengthen your multifactor authentication – all with one simple touch.
Balancing security and usability is a constant and costly challenge.
Your employees and partners want easy access to the resources they need to get the job done – reverting to overly simplistic passwords that are easy to recall across multiple platforms and services.
The result: an NCSC 2019 UK Cyber Survey security breach analysis found 23.2 million victim accounts had the password ‘123456’.
“80% of hacking-related breaches involve compromised and weak credentials.The 2019 Verizon Data Breach Investigations Report
Make it easy for your users and eliminate the risk of account takeovers.
Google, Facebook, and the UK government are amongst the thousands of organisations and millions of end users that rely on the YubiKey for simple, secure and scalable authentication.
Passwords simply don’t cut it anymore – organisations need to develop stronger authentication without compromising the user experience. Watch now to discover:
Passwords, authentication software and security codes are all vulnerable to modern phishing and man-in-the-middle (MITM) attacks.
Password recovery, resets, and IT administration fees all add up – costing large enterprises 10s of millions.
Longwinded multifactor authentication processes slow you down and reduce your organisation's output.
Your passwords, SMS, and mobile apps are increasingly vulnerable to malware and hackers.
The most secure hardware authentication systems can be complex to roll out, difficult to use, and hard to adopt.
ThirdSpace's consultants worked closely with our team throughout the process. They have always been very responsive to our needs. They’re flexible and extremely knowledgeable.RSA Group
ThirdSpace's willingness to roll up their sleeves and get stuck in is the reason we are enjoying the success we have today.Human Tissue Authority
Without question the best out there. They provide a very well rounded and detailed service from initial consultation to implementation, project management and training, and offer quality guidance and advice at every step.Programme Manager Hampshire Constabulary
The YubiKey combines the highest-level of security with passwordless authentication that will save you time, IT fees, and the headache of managing your account login details.
One, simple device reduces the authentication time for users.
Eliminating password resets cuts support desk costs by up to 90%.
Access nearly 1,000 apps and services from one easy-to-use device.
Compact and durable, Yubikey is water and crush-resistant.
Millions of end users use YubiKey to simplify and secure their logins.
YubiKey doesn’t need a network connection or batteries – just plug in and go!
Windows Hello for Business and YubiKey work together and complement each other, giving you even more protection. Both provide methods of passwordless authentication, both improve security, and both improve the user experience.
However, with YubiKey, the user credential is portable – which simplifies the enrolment process across different devices. It also means it doesn’t rely on a physical computer as the root of trust (a thumbs up for zero trust scenarios!), whereas Windows Hello for Business is tied to a single device.
Again, YubiKey and Microsoft Authenticator can be used together to complement each other and provide more robust security.
However, YubiKey excels when it comes to phishing resistance. A YubiKey can secure privileged accounts, call centres, shared workstation scenarios, and BYOD restricted environments, where mobile phones – and therefore Microsoft Authenticator – are not acceptable.
You should use both. YubiKey will plug gaps in portability and phishing resistance as covered in the above answers.
Ultimately, by simplifying your security and reducing demands on your IT departments, you are only going to save money in the long term.
Yubico and Microsoft, along with members of the FIDO Alliance and the World Wide Web Consortium (W3C), are lead authors of passwordless logins that are enabled by FIDO2 and WebAuthn authentication protocols.
To achieve strong authentication, you need to combine two or more authentication factors.
With the YubiKey, you will combine something you have (a security key) and something you are (biometrics) or know (PIN).
A PIN is fundamentally different from a password. A password is known by you and the remote server. It must be secured throughout the complete authentication sequence, as it’s vulnerable to attack vectors like password compromise, malware, password attacks, phishing, and MitM attacks.
FIDO2 leverages asymmetric cryptography. The PIN is not shared, it is stored locally in the secure element of the YubiKey, and it is only used to unlock the security key.
The passwordless feature is available in all SKUs of Azure AD, which is bundled with Office 365 and Microsoft 365. You just need an updated WebAuthn compatible browser for web authentication.
For workstation login, steps need to be taken to make sure the scenario is enabled but closely matches some of the requirements of Windows Hello for Business.
There is no official FIDO2 support for workstation login on Mac from Microsoft. Should your organisation want to extend the capabilities of Active Directory for workstation login on Mac, with the option to have the same user experience as with FIDO2 passwordless, you’ll need to refer to official Yubico and Apple documentation or contact Yubico.
Web authentication to applications and services through the browser is supported on Mac with YubiKeys.
25 – but carefully consider which accounts are stored onboard a single device.
For Windows 10 workstation login, if multiple Azure AD credentials are stored on the YubiKey, only one credential from a given Azure AD tenant can be used. The last Azure AD credential registered on the YubiKey will be used for workstation login.
Administrators can remove security keys on behalf of a user through the ‘user authentication methods experience’ in Azure AD. An administrator must enable this experience for themselves.
Additionally, there are MS Graph API endpoints (fido2AuthenticationMethod) and PowerShell cmdlets to help manage user security keys. And users can use the GUI to remove their own keys.
We recommend you register two YubiKeys.
If this is not possible, the Microsoft authenticator application can be used to authenticate as a backup. Once signed-in to your account, you can remove the YubiKey so nobody else can use it, and register a new one.
Your organisation’s helpdesk/administrators can define processes aligned to your internal processes.
If you’ve got any questions about this technology – our experts will have the answers.
If you’re looking to deploy this technology within your business, we can help you cut costs and maximise performance. Our team specialises in:
Passwords don’t cut it anymore – find out how (and why) you should leave them behind.Watch now
Send us your questions or feedback.
Friendly folks are standing by!
Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.
You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:Windows
Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.