What’s guarding your domain from unauthorized access?

Domains are a frequent target for phishing attacks that pose serious privacy risks and potential losses of millions of dollars in brand damage, lost revenue, stolen data, and recovery efforts. The threat of phishing greatly underscores the need to protect the front door to your domain.

We are excited to announce that Gandi is the first domain registrar to integrate support for the YubiKey and FIDO U2F authentication. With this new integration, Gandi customers benefit from greater security to safeguard domains and critical assets, such as SSL certificates, contained within.

The YubiKey delivers strong defense against phishing at the time of login, complementing Gandi’s promise to provide secure access to domain names, easy third-party integration, and powerful tools for everyone. Gandi is excited to offer users a more secure and easy-to-use 2FA protocol with FIDO U2F, and strongly encourages users to get YubiKeys.

“The user-experience was a big factor in our decision to integrate support. The ability to easily manage multiple tokens for multiple users offers a real-world example,” said Andrew Richner, Head of Communication at Gandi US. “The other factor is obviously security. Time-based one-time password (TOTP) has a few weaknesses that the challenge-response of U2F corrects. The resulting difficulty to phish a U2F user makes the YubiKey very attractive as a 2FA option. We love the portability and durability of YubiKeys too.”

Since adopting YubiKey support, Gandi reports that user feedback has been positive. “Our users have come to expect Gandi to be on top of new technology, and to offer a high level of security. We’re finding that it’s these customers in particular who are excited to spread the word about using Gandi and YubiKey together,” he added.

Gandi’s service features easy-to-use domain management tools that enable users to define access rights by organization, team, and individual, as well as delegate domains and hosting to collaborators no matter the organization structure or size. A domain at Gandi comes with a number of free services, including email addresses, http forwarding, an SSL certificate, and domain name system (DNS) management.

Gandi demonstrates a strong commitment to security and trust—all important values shared by Yubico—that is evident in our joint effort to provide a secure authentication solution to domain management. Learn more about what you can do with Gandi and the YubiKey.

Talk to our teamTalk to our team

Share this article:


  • Introducing new features for Yubico Authenticator for iOSWe’re excited to share the new features now available for Yubico Authenticator for iOS in the latest app update on the App Store. Many of these improvements aim to address frequently requested features from our customers, while providing additional new functionalities for a seamless authentication experience on iOS.  With increased interest in going passwordless and […]Read moreiOSYubico Authenticator
  • Platform independent digital identity for all Many are understandably concerned that the great invention called the Internet, initially created by researchers for sharing information, has become a major threat to democracy, security and trust. The majority of these challenges are caused by stolen, misused or fake identities. To mitigate these risks, some claim that we have to choose between security, usability […]Read moreDigital IdentityEUDIFounderStina Ehrensvard
  • Q&A with Yubico’s CEO: Our move to the main Nasdaq market in StockholmAs 2024 draws to a close, it’s the perfect time to reflect on the incredible journey we’ve had this year and how it has shaped where we stand today as a company. To mark this moment, I sat down with our CEO, Mattias Danielsson, to look back on the milestones and achievements of 2024—culminating in […]Read moreCEOMattias Danielsson
  • Exploring DORA: A look at the next major EU mandateFinancial institutions have historically managed operational risk using capital allocation, but under EU Regulation 2022/2554 – also known as the Digital Operational Resilience Act (DORA) – the financial sector and associated entities in the European Economic Area (EEA) must also soon follow new rules. These new rules focus on the protection, detection, containment, and the […]Read moreDORAEU