We’ve said it before, but it bears repeating: the road to passwordless is a journey, not an overnight transition. At first, it begins with a basic understanding of what passwordless authentication is (and isn’t), but then it becomes time to take action and head further down the road. Still, the question for every enterprise IT […]
Read more“Passwordless” can feel like a loaded term, with the security industry filled with differing and contradictory positions on the topic. The purpose of this whitepaper is to take an objective approach to understand the challenges that passwords present, what “passwordless” means, and what enterprises can expect moving forward as passwordless authentication matures.
Read moreWithin a few days of last year’s pandemic shut down in March, the business world knew something had permanently changed about the workplace. Millions of workers flooded out of traditional office environments, perhaps never to return. Security professionals worldwide scrambled to make transitioning to remote work painless, but in many cases they weren’t prepared for […]
Read moreTo continue our effort to peel back the layers on the journey to passwordless, Yubico talked with former Navy intelligence officer and University of Tulsa professor, Sal Aurigemma, about his research in the behavioral information security field. Professor Aurigemma focuses on end-user experiences and adoption rates of authentication technologies. He regularly runs field experiments with […]
Read moreOkta’s premier identity conference, Oktane21, is taking place virtually on April 6-8, and Yubico is once again a proud sponsor. This year, Yubico will highlight our continued partnership with Okta and showcase the YubiKey as the key to trust. Okta Adaptive MFA and the phishing-resistant YubiKey allow organizations to quickly and securely deploy strong multi-factor […]
Read moreToday, Yubico celebrates an important milestone in the evolution of modern authentication. We are excited to report that YubiKey passwordless authentication is now generally available to Microsoft’s Azure Active Directory (Azure AD) users, a critical step toward achieving better security without compromising usability. Nearly three years ago, Yubico started on this journey with Microsoft and […]
Read moreSay the word “passwordless” to a room full of security professionals and you will get a range of reactions, from a wry smile to a walk-out. That’s because the information security community knows that “passwordless” is a loaded term, and the industry is filled with differing and contradictory positions on the topic. The purpose of […]
Read moreHow is a ModHex static password generated? Utilizing ModHex and its 16-character alphabet, and encoding that introduces a measure of “randomness”. A 32-character ModHex password would take a hacker around five billion years to even get a 1 in 2,158,056,614 chance of a correct guess (yes, that’s two billion!). Even a 16-character ModHex password would take around […]
Read moreHow does CTAP work? FIDO2 consists of two standardized components, a web API (WebAuthn) and a version 2 of CTAP. The two work together and are required to achieve a passwordless experience for login. The earlier FIDO U2F (Link to FIDO U2F Glossary) protocol working with external authenticators is now renamed to CTAP1 in the WebAuthn specifications. […]
Read moreWhat does it mean to be FIDO U2F Certified? FIDO’s certification programs are a critical element in ensuring an interoperable ecosystem of products and services that organizations can leverage to deploy FIDO Authentication solutions worldwide. FIDO Alliance manages functional certification programs for its various specifications (e.g. U2F and FIDO2) to validate product conformance and interoperability. […]
Read more