Hello, SSO. It’s me, authentication

There’s a secret that single sign-on (SSO) never talks about. It’s called authentication.

The SSO conversation starts without mentioning the assumption that the user is already logged in. A login that requires a password. Instead, SSO is quickly positioned to triumph over the dangers of weak and reused passwords.

Many times, however, those same suspect passwords are the ones used for the initial authentication into the SSO environment.

Authentication is actually SSO’s most critical gatekeeper for a user’s identity. If the authentication password is stolen, all the user’s identities associated with that federated service are exposed.

Password policies, crazy character composition guidelines, and x-day expiration dates are the techniques enterprises typically use ﹘ with varying degrees of success ﹘ to get users to create passwords deemed strong enough for authentication to the SSO environment.

It’s within this scenario that Yubico has entered into a partnership with Ping Identity, a leader in the SSO and federation ecosystem, to create strong two-factor authentication for those critical and initial logins.

The one-time password (OTP) functionality of the YubiKey is integrated into PingID, a multi-factor authentication engine within the company’s flagship cloud identity service, PingOne.

So even if a user’s password is phished or stolen, a hacker is unable to access the user’s SSO environment without also having the user’s physical YubiKey. In addition, the Yubikey is not vulnerable to man-in-the-middle attacks that plague SMS phone-code solutions.

PingOne users now have the option to add hardware-based, two-factor authentication to secure primary logins to Ping Identity’s cloud SSO environment. There are plans to integrate YubiKeys with other components of Ping Identity’s recently unveiled Identity Defined Platform, which includes PingFederate and PingAccess. Soon privileged accounts in the Ping Identity environment also will be covered under this OTP security blanket, further protecting specific enterprise accounts.

The USB-based YubiKey is one-touch protection for all applications protected by SSO and federation. It’s a hardware authenticator that doesn’t require a battery or the installation of any client software. By design, nothing can be written to the YubiKey, so malware can’t be loaded onto it.

Support for OTP is included on the YubiKey Standard and Nano, YubiKey Edge and Edge-n, and the YubiKey NEO and NEO-n.

In addition, the YubiKey is not a single purpose device. Both the YubiKey Edge and YubiKey NEO offer support for multiple authentication options, including the FIDO Alliance’s U2F protocol. The YubiKey NEO and YubiKey NEO-n have other capabilities such as a PIV-compliant CCID smart card and OpenPGP (for code signing, etc.). The YubiKey NEO also supports NFC for logging on to mobile applications.

Talk to our teamTalk to our team

Share this article:


  • Works with YubiKey Spotlight: Passkeys are here – are you ready?With 2025 at its midpoint, enterprises worldwide are grappling with how to protect their users and data against emerging challenges around user security. Since 2022, generative AI has fueled a 4,000% surge in phishing – exploiting human vulnerability in 68% of breaches. It’s no longer a question – the world has a password problem that […]Read morepartnerspasskeysWorks with YubiKeywwyk
  • Yubico LogoYubico liefert PIN-Verbesserungen mit dem neuen YubiKey 5 – Verbesserte PIN-SchlüsselUm sich auf die sich ständig weiterentwickelnden Cyber-Bedrohungen vorzubereiten, passen Regierungen weltweit die Authentifizierungsanforderungen für Online-Dienste an und aktualisieren sie, was direkte Auswirkungen auf viele Unternehmen und deren Mitarbeiter hat. Zwar gibt es derzeit keine universelle Regelung für eine robustere Multi-Faktor-Authentifizierung (MFA), doch wird deren Notwendigkeit in einer Reihe von Anforderungen hervorgehoben, darunter PSD2, DSGVO […]Read moreYubiKey
  • Yubico delivers PIN advancements with new YubiKey 5 – Enhanced PIN keysTo prepare for continuously evolving cyber threats, governments around the world are adapting and updating authentication requirements for online services which directly impact thousands of organizations and their employees. While there’s currently no universal regulation for more robust multi-factor authentication (MFA), the need is highlighted across a range of requirements including PSD2, GDPR, and the […]Read moreCompany NewsProduct NewsYubiKeyYubiKey 5 – Enhanced PINYubiKey 5 SeriesYubiKey as a Service
  • An inside look at Yubico’s transition to passwordlessBefore “passkey” became a familiar term in our industry, Yubico had long delivered hardware-backed and phishing-resistant FIDO2 based authentication. Today, the adoption of passkey usage is accelerating. However, it’s taken quite a bit longer to integrate passwordless authentication into the everyday, enterprise-grade authentication flows that are required for today’s businesses.  As long as it’s been […]Read moreOktapasswordless