Tag: FIDO
Feb 1, 2023
Q&A: Yubico Software Engineer Emil Lundberg on the past, present and future of WebAuthn
With the proliferation of distributed work globally and as cybercriminals become more sophisticated by the day – it’s clear that traditional passwords and legacy MFA simply aren’t strong enough. Enter WebAuthn, an API that makes it easy for web services to integrate strong authentication into applications using support built in to all leading browsers and …
Dec 15, 2022
Apple announces upcoming support for security keys: A look at the past, present and future of Advanced Protection with YubiKeys
In 2022, if one thing has been proven, it has been made very clear that not all multi-factor authentication (MFA) is created equal. Vulnerabilities with legacy forms of MFA, such as SMS, TOTPs, and mobile-based apps, continue to be the target and victims of data breaches, with attackers taking aim in record numbers in 2022. …
Oct 25, 2022
Phishing attacks are on the rise: are you prepared?
It doesn’t have to be Cybersecurity Awareness Month to read a flurry of news about human-based phishing attack stories – also called smishing if the “fishing line” is cast via SMS. These attacks boil down to the art of tricking people into revealing personal information and credentials – including usernames, passwords, authentication codes, and sensitive …
Oct 19, 2022
New phishing-resistant solutions available now with Azure AD and YubiKeys
Microsoft recently announced the release of three new solutions that enable organizations to deploy Azure Active Directory (Azure AD) to fight phishing attacks in Azure, Office 365, and remote desktop environments. These solutions will be essential to mitigate phishing attacks and will play a key role in supporting organizations looking to comply with the Executive …
Oct 18, 2022
Five ways Yubico can help you accelerate and scale phishing-resistant MFA in 2023
Legacy multi-factor authentication (MFA) has not worked against modern cyber threats due to inability to stop phishing and other account takeovers. Modern MFA, such as YubiKeys, have been proven to stop phishing attacks and account takeovers in their tracks. Only solutions based on Smart card/PIV or FIDO protocols are truly phishing-resistant because they require each …
The importance of hybrid authentication in zero trust architectures
Come learn key differences between PKI and FIDO, how to deploy FIDO within federal security policies, how to deploy FIDO within federal security policies, and more.
Sep 8, 2022
Yubico’s perspective and resource guide to passkeys 101
There has been a lot of information lately about the new ‘password-killing’ solution, the passkey. As we’ve discussed in previous posts on the topic, passkeys are a new industry term to make existing technology standards approachable to users. Passkeys are discoverable FIDO credentials that enable users to authenticate to websites without a password. Two types …
Jun 16, 2022
Introducing Yubico Authenticator 6 for Desktop
Today we’re releasing the first public beta version of Yubico Authenticator 6 for Desktop. This new version has some big changes under the hood, so let me explain what they are and why we’re doing them. Or, if you’re just eager to try it out, skip to the bottom of this post and click on …
Mar 3, 2022
Security considerations for the top 8 mobile device-restricted workplaces
When looking at enterprises and organizations, there are many different business scenarios that can be present when addressing secure authentication. Whether those be shared workstations, remote workers, or even privileged accounts, there is one in particular that introduces its own difficulties: mobile device-restricted workplaces. It’s safe to say that there will always be workplaces which, …
Jan 26, 2022
Salesforce is requiring MFA: Why this matters and what you can do
As sophisticated cyberattacks continue their relentless pursuit towards SMBs and enterprises, companies must prioritize improvements to their cybersecurity infrastructure to better secure their customers, employees, and partners. Username and passwords no longer provide adequate security against the ever evolving landscape of cyberattacks. Late last year, Salesforce took a strong and decisive stance, announcing that beginning …