A backup and recovery process is an indispensable component of every security solutions strategy, and is something to think carefully about as you develop a plan to integrate YubiKeys into yours. Having a proper backup and recovery process keeps employees productive without them having to worry about losing their YubiKey or losing access to systems and accounts. More importantly, your backup and recovery process must be secure and should not diminish the overall security in place. Remember, your security is only as good as its weakest link.
The most secure plan is for each user to have two YubiKeys. Establishing a backup YubiKey ensures that the user can effortlessly access all of their accounts if they accidentally misplace their primary YubiKey. We strongly recommend this approach to all customers as a general best practice, as it guarantees that all users have a recovery solution easily accessible to them at any time. Having a backup YubiKey gives users peace of mind and eliminates the need for them to go through complicated, time-consuming processes to access their accounts. While other backup and recovery options are available, they come with a variety of pros and cons.
Other Backup and Recovery Options
One such alternative is having a Service Desk team issue a secondary temporary key on demand. This is the next best approach to having a backup YubiKey for all users, as it supplies a physical device registered with the same authentication system to the user at the time of need. With the YubiKey at its core, this approach removes many areas of risk that come with alternate solutions, and can serve as an extension of the two YubiKey approach if a user loses both keys. However, this option requires additional time, processes, and personnel, as the Service Desk must always be open to the user should they have an immediate need for a key.
Another popular backup alternative is having a mobile authenticator. Using an app like Google Authenticator provides a valid backup method by issuing a temporary passcode to users. However, mobile authenticators are often based on older technology, and do not provide the same protection that the YubiKey delivers, as the secrets used to generate the passcodes can be deciphered if enough codes are intercepted. Should you decide to use a mobile authenticator as a backup option, we encourage you to use it sparingly to avoid the risk of security breaches.
Beyond these, you can establish other backup methods, but they will not be as secure or as stable as a multi-key approach. SMS and email, for example, are the least secure backup and recovery methods, as they are susceptible to man in the middle and phishing attacks. In fact, section 18.104.22.168 of the NIST 800-63-3 guidelines, which will soon be published, recommends deprecating SMS due to security limitations. Additionally, a phone can run out of battery, be lost, stolen or broken, get infected by malware, or have storage retrieved by a connected computer. Conversely, the YubiKey is not vulnerable to most of these concerns.
While we understand that cost plays a key role in restricting organizations’ options for secure backup and recovery solutions, we do not recommend processes that could allow remote access to a corporate resource or introduce social engineering risk, reducing the initial security that our YubiKey solution was designed to protect against. Security always comes first! This is precisely why we urge all customers to consider using the two YubiKey approach as a best practice.