Danish Experts Tap YubiKey Security for Government and Banks

When security consultant Ian Qvist talks about YubiKeys, he does so with a knowing grin and the knowledge he’s tightening security without adding complexity. Qvist works with customers such as government agencies and Danish banks whose IT teams are looking for answers to specialized security needs.

“We use YubiKeys in a lot of places,” says Qvist, an eCrime senior consultant for CSIS Security Group A/S in Denmark. “They are so flexible we use it wherever we want to.”

The YubiKey is a simple USB-key that looks like a keyboard to your computer, and with a simple touch delivers two-factor authentication to secure logins.

Qvist says CSIS, which stands for Cyber Security and Intelligence Services, discovered the power of YubiKeys when he rolled out LastPass password manager internally to the company’s employees. Being security minded, the employees were concerned that all their passwords were in one place. Qvist quieted concerns by strengthening authentication to the password manager with a YubiKey.

Ian-Qvist-CSIS
Jens Christensen, security researcher at CSIS Security Group A/S in Denmark, holds up a Yubikey. While small, it is giving his business and customers a big assist on security.

LastPass was the first place we used YubiKey,” he said. “Insert the key, touch it and it is setup, anyone can do that.”

Ever since, the 10-year-old company has been finding spots in government and banking where the YubiKey can boost security and protect end-users, systems and digital resources. And now the YubiKey is an important element in the security services CSIS offers clients.

Today, YubiKeys also are used at CSIS to bolster security for other services including Microsoft’s Remote Desktop Protocol, VPNs and domain passwords.

“Because the YubiKey can be configured, we use them for many different applications,” Qvist said. “That is amazing for us. And we are coming up with new ways to use them.” YubiKeys can be set up for  a long static password or the open authentication OATH standard.

He says from a security perspective the ease of use and configuration options are what make the YubiKey so valuable.

CSIS uses Yubico’s personalization tool to deploy YubiKey security with many different authentication methods.

YubiKeys have support for Yubico one-time passcodes, Open Authentication (OATH) including HOTP and TOTP , Challenge-Response and Static Passwords. The YubiKey NEO also supports Near-Field Communication (NFC) for using YubiKey with mobile devices, smart card functionality, including PIV and Open PGP, and later this fall the FIDO Alliance’s Universal Second Factor (U2F) protocol.

CSIS uses both the YubiKey Nano form-factor, which tucks inside a USB port and can be left in the computer, and the Standard form-factor, a small, hermetically-sealed device that can attach to a keychain.

YubiKeys don’t require any software installation, drivers or batteries to operate. But customers like CSIS do use Yubico’s free open source software to customize keys and create their own backend validation servers and services. The Yubico open source tools are also used to program and control YubiKey encryption secrets, or add a ModHex Calculator among other options.

Qvist only began using YubiKeys a year ago, which means he has gotten to warp speed very quickly. Now they are part of everyday operations.

“Our different departments have different patterns of work and we don’t have to disturb those patterns,” he says.

Qvist says one particular customer had a large IT department with a few security guys who scrutinized everything. “When we gave them YubiKey, they saw how it worked and how [it applied] to their use cases. That got ideas rolling around in their heads,” he says.

Enough ideas in fact to fuel more knowing smiles from Qvist.

John Fontana is the Identity Evangelist at Yubico. Also follow his Identity Matters column on ZDNet

Talk to our teamTalk to our team

Share this article:


  • Cybersecurity in 2025 – part two: Insights and predictions from Yubico’s expertsIn part one of our 2025 cybersecurity predictions, we highlighted insights from our experts on the topic of passkeys, digital identity wallets and the threats of AI-driven phishing – areas that saw a lot of focus in 2024, and ones that we expect to continue being a major focus this year. If you missed our […]Read morecritical infrastructurefederal governmentfinancial servicespredictions
  • Cybersecurity in 2025: Insights and predictions from Yubico’s expertsWith 2024 behind us, we saw another challenging year in the world of cybersecurity – highlighted by new and evolving threats like Artificial Intelligence (AI)-driven phishing and increasingly sophisticated cyber attacks overall. Yubico’s September Global State of Authentication Survey confirmed the challenges, even underscoring the potential risks of these new threats. The report emphasized the […]Read moreAIdigital identity walletspasskeyspredictions
  • State of Global Authentic(age)ion: A look at cybersecurity habits by generationsNo generations were left untouched when it came to the threat of hackers in 2024: from the impact of political shakeups, to increasingly sophisticated cyber attacks targeting consumers, critical industries and infrastructures, the world was on high alert. Fueled by a dramatic increase in phishing attacks circumventing certain forms of legacy multi-factor authentication (MFA), as […]Read moreState of Global Authenticationsurvey
  • Yubico named finalists of German digital identity innovation competitionIn 2023, Yubico began collaborating on an exciting open standards identity project – wwWallet – to shape the future of digital identity across Europe and beyond. The project saw immediate success solving problems for global identity, and was submitted in the German SPRIN-D European Digital Identity (EUDI) Funke competition which aims to develop and test […]Read moreEU Digital Identity WalletEUDIwwWalet