ThirdSpace ThirdSpace
ThirdSpace Contact Us
Close 0 Reset Search Run Search What are you looking for? Type at least three characters to search. Filter Search Results
  • All Content
  • Blog
  • Page
  • Case Studies
  • Event
  • Resources
  • News
  • Careers
  • Access Centre
  • Technologies
  • Workshops
  • Service
  • Solutions
  • People
Load more

Yubico’s YubiKey

The YubiKey lets you protect your accounts, go passwordless, and strengthen your multifactor authentication – all with one simple touch.

Balancing security and usability is a constant and costly challenge.

Your employees and partners want easy access to the resources they need to get the job done – reverting to overly simplistic passwords that are easy to recall across multiple platforms and services.

The result: an NCSC 2019 UK Cyber Survey security breach analysis found 23.2 million victim accounts had the password ‘123456’.

“80% of hacking-related breaches involve compromised and weak credentials.

The 2019 Verizon Data Breach Investigations Report

Make it easy for your users and eliminate the risk of account takeovers.

Size matters! Powerful two-factor authentication

Google, Facebook, and the UK government are amongst the thousands of organisations and millions of end users that rely on the YubiKey for simple, secure and scalable authentication.

YubiKey helps you:

  • Manage computers, phones, networks, and millions of online services using one easy security device
  • Gain strong, scalable authentication that eliminates account takeovers from phishing attacks
  • Minimise the cyber risk for employees and remote workers across all systems and devices
  • Reduce the cost of IT support and eliminate the need for costly password resets
Webinar: A guide to deploying passwordless authentication

Webinar: A guide to deploying passwordless authentication

Passwords simply don’t cut it anymore – organisations need to develop stronger authentication without compromising the user experience. Watch now to discover:

  • How (and why) passwordless solutions work
  • Key steps to consider on your passwordless journey
  • Demos of Microsoft's passwordless tools in action
Watch now

123456 – How quickly can you count to a security breach?

Passwords, authentication software and security codes are all vulnerable to modern phishing and man-in-the-middle (MITM) attacks.

Mounting costs

Password recovery, resets, and IT administration fees all add up – costing large enterprises 10s of millions.

Poor productivity

Longwinded multifactor authentication processes slow you down and reduce your organisation's output.

Vulnerability

Your passwords, SMS, and mobile apps are increasingly vulnerable to malware and hackers.

Complexity

The most secure hardware authentication systems can be complex to roll out, difficult to use, and hard to adopt.

ThirdSpace's consultants worked closely with our team throughout the process. They have always been very responsive to our needs. They’re flexible and extremely knowledgeable.

RSA Group

ThirdSpace's willingness to roll up their sleeves and get stuck in is the reason we are enjoying the success we have today.

Human Tissue Authority

Without question the best out there. They provide a very well rounded and detailed service from initial consultation to implementation, project management and training, and offer quality guidance and advice at every step.

Programme Manager Hampshire Constabulary

Passwordless for security-more

The YubiKey combines the highest-level of security with passwordless authentication that will save you time, IT fees, and the headache of managing your account login details.

You’ll benefit from:

Faster access

One, simple device reduces the authentication time for users.

Cost savings

Eliminating password resets cuts support desk costs by up to 90%.

Simplicity

Access nearly 1,000 apps and services from one easy-to-use device.

Robust protection

Compact and durable, Yubikey is water and crush-resistant.

Trusted protection

Millions of end users use YubiKey to simplify and secure their logins.

Anytime, anywhere

YubiKey doesn’t need a network connection or batteries – just plug in and go!

FAQs

How does the YubiKey compare to Windows Hello for Business?

Windows Hello for Business and YubiKey work together and complement each other, giving you even more protection. Both provide methods of passwordless authentication, both improve security, and both improve the user experience.

However, with YubiKey, the user credential is portable – which simplifies the enrolment process across different devices. It also means it doesn’t rely on a physical computer as the root of trust (a thumbs up for zero trust scenarios!), whereas Windows Hello for Business is tied to a single device.

How does the YubiKey compare to Microsoft Authenticator?

Again, YubiKey and Microsoft Authenticator can be used together to complement each other and provide more robust security.

However, YubiKey excels when it comes to phishing resistance. A YubiKey can secure privileged accounts, call centres, shared workstation scenarios, and BYOD restricted environments, where mobile phones – and therefore Microsoft Authenticator – are not acceptable.

How can I justify paying for YubiKey when Microsoft’s offerings are free?

You should use both. YubiKey will plug gaps in portability and phishing resistance as covered in the above answers.

Ultimately, by simplifying your security and reducing demands on your IT departments, you are only going to save money in the long term.

What are Yubico’s credentials?

Yubico and Microsoft, along with members of the FIDO Alliance and the World Wide Web Consortium (W3C), are lead authors of passwordless logins that are enabled by FIDO2 and WebAuthn authentication protocols.

Why is a PIN required? Isn’t that the same as a password?

To achieve strong authentication, you need to combine two or more authentication factors.

With the YubiKey, you will combine something you have (a security key) and something you are (biometrics) or know (PIN).

A PIN is fundamentally different from a password. A password is known by you and the remote server. It must be secured throughout the complete authentication sequence, as it’s vulnerable to attack vectors like password compromise, malware, password attacks, phishing, and MitM attacks.

FIDO2 leverages asymmetric cryptography. The PIN is not shared, it is stored locally in the secure element of the YubiKey, and it is only used to unlock the security key.

Will YubiKey work in my environment?

The passwordless feature is available in all SKUs of Azure AD, which is bundled with Office 365 and Microsoft 365. You just need an updated WebAuthn compatible browser for web authentication.

For workstation login, steps need to be taken to make sure the scenario is enabled but closely matches some of the requirements of Windows Hello for Business.

There is no official FIDO2 support for workstation login on Mac from Microsoft. Should your organisation want to extend the capabilities of Active Directory for workstation login on Mac, with the option to have the same user experience as with FIDO2 passwordless, you’ll need to refer to official Yubico and Apple documentation or contact Yubico.

Web authentication to applications and services through the browser is supported on Mac with YubiKeys.

How many Azure AD credentials can I store on my YubiKey?

25 – but carefully consider which accounts are stored onboard a single device.

For Windows 10 workstation login, if multiple Azure AD credentials are stored on the YubiKey, only one credential from a given Azure AD tenant can be used. The last Azure AD credential registered on the YubiKey will be used for workstation login.

How are FIDO2 credentials managed on YubiKeys with Microsoft solutions (enrolment, revocation, etc.)?

Administrators can remove security keys on behalf of a user through the ‘user authentication methods experience’ in Azure AD. An administrator must enable this experience for themselves.

Additionally, there are MS Graph API endpoints (fido2AuthenticationMethod) and PowerShell cmdlets to help manage user security keys. And users can use the GUI to remove their own keys.

How do I regain access to my applications if I lose my YubiKey?

We recommend you register two YubiKeys.

If this is not possible, the Microsoft authenticator application can be used to authenticate as a backup. Once signed-in to your account, you can remove the YubiKey so nobody else can use it, and register a new one.

Your organisation’s helpdesk/administrators can define processes aligned to your internal processes.

Our clients

We’re here to help!

We’re here to help!

If you’ve got any questions about this technology – our experts will have the answers.

If you’re looking to deploy this technology within your business, we can help you cut costs and maximise performance. Our team specialises in:

  • Planning and design – including pilots and proof-of-concepts to test viability.
  • Deployment and adoption – seamless installation and activation.
  • Managed support – keep your solution running securely and efficiently.
Get in touch

You may also like...

Blog

From ‘You’ve been pwned’ to passwordless: Secure access made easy – An interview with Yubico’s Chief Solutions Officer

Blog

FIDO2 – Making Microsoft’s passwordless authentication a reality

Webinar: A guide to deploying passwordless

Passwords don’t cut it anymore – find out how (and why) you should leave them behind.

Watch now

Need some help?

Send us your questions or feedback.

Friendly folks are standing by!

Contact Us
Award-winning solutions Award-winning solutions

Eight-time winner of the Microsoft Partner of the Year Award for Identity Management, Enterprise Mobility, and Security and Compliance.

ThirdSpace Please upgrade your browser

You are seeing this because you are using a browser that is not supported. The ThirdSpace website is built using modern technology and standards. We recommend upgrading your browser with one of the following to properly view our website:

Windows Mac

Please note that this is not an exhaustive list of browsers. We also do not intend to recommend a particular manufacturer's browser over another's; only to suggest upgrading to a browser version that is compliant with current standards to give you the best and most secure browsing experience.