Hello, SSO. It’s me, authentication

There’s a secret that single sign-on (SSO) never talks about. It’s called authentication.

The SSO conversation starts without mentioning the assumption that the user is already logged in. A login that requires a password. Instead, SSO is quickly positioned to triumph over the dangers of weak and reused passwords.

Many times, however, those same suspect passwords are the ones used for the initial authentication into the SSO environment.

Authentication is actually SSO’s most critical gatekeeper for a user’s identity. If the authentication password is stolen, all the user’s identities associated with that federated service are exposed.

Password policies, crazy character composition guidelines, and x-day expiration dates are the techniques enterprises typically use ﹘ with varying degrees of success ﹘ to get users to create passwords deemed strong enough for authentication to the SSO environment.

It’s within this scenario that Yubico has entered into a partnership with Ping Identity, a leader in the SSO and federation ecosystem, to create strong two-factor authentication for those critical and initial logins.

The one-time password (OTP) functionality of the YubiKey is integrated into PingID, a multi-factor authentication engine within the company’s flagship cloud identity service, PingOne.

So even if a user’s password is phished or stolen, a hacker is unable to access the user’s SSO environment without also having the user’s physical YubiKey. In addition, the Yubikey is not vulnerable to man-in-the-middle attacks that plague SMS phone-code solutions.

PingOne users now have the option to add hardware-based, two-factor authentication to secure primary logins to Ping Identity’s cloud SSO environment. There are plans to integrate YubiKeys with other components of Ping Identity’s recently unveiled Identity Defined Platform, which includes PingFederate and PingAccess. Soon privileged accounts in the Ping Identity environment also will be covered under this OTP security blanket, further protecting specific enterprise accounts.

The USB-based YubiKey is one-touch protection for all applications protected by SSO and federation. It’s a hardware authenticator that doesn’t require a battery or the installation of any client software. By design, nothing can be written to the YubiKey, so malware can’t be loaded onto it.

Support for OTP is included on the YubiKey Standard and Nano, YubiKey Edge and Edge-n, and the YubiKey NEO and NEO-n.

In addition, the YubiKey is not a single purpose device. Both the YubiKey Edge and YubiKey NEO offer support for multiple authentication options, including the FIDO Alliance’s U2F protocol. The YubiKey NEO and YubiKey NEO-n have other capabilities such as a PIV-compliant CCID smart card and OpenPGP (for code signing, etc.). The YubiKey NEO also supports NFC for logging on to mobile applications.

Talk to our teamTalk to our team

Share this article:


  • CEO Corner: Entering the second half of 2025 with momentumAs we continue to move further into the second half of 2025, I want to share a look back at our journey so far this year and as well as lay out Yubico’s strategic path ahead.  Resurgence in order growth and key segment wins While net sales declined for Q2, the end of the quarter […]Read moreCEOCEO CornerEarningsMattias Danielsson
  • Survey says: Your dog’s name isn’t a passwordWe all know we should be protecting our digital lives, but what are Americans actually doing? Yubico recently commissioned a survey, conducted by Talker Research, which asked 5,000 Americans in 10 major metro cities across the U.S. about their online security habits. Here’s a closer look at what they found (hint: they’re not as secure as they […]Read moreCompany Newssurvey
  • Passkeys are winning, but security leaders must raise the barPasswords are on their way out. In their place is a new form of login called passkeys that promises stronger security and less frustration. All passkeys offer the rare combination of improved usability and stronger security, especially when compared to passwords alone. But unless we act now, millions could be left more vulnerable than ever. […]Read moreDevice-bound passkeysHardware passkeypasskeyssynced passkeys
  • Your top YubiKey questions, answeredOver the 10+ years I’ve been at Yubico, I’ve had the pleasure of meeting customers, partners and many others talking about digital security. While every conversation is different, I am often asked many of the same questions about YubiKeys. One thing remains consistent: many people know they need better security, but they’re not sure what […]Read moreFAQYubiKey