White paper: Bridge to Passwordless best practices
Today, at Microsoft Ignite, Yubico is excited to preview the long-awaited YubiKey Bio. It is the first YubiKey that will support fingerprint recognition for secure and seamless passwordless logins, which has been a top requested feature from many of our YubiKey users.
The YubiKey Bio delivers the convenience of biometric login with the added benefits of Yubico’s hallmark security, reliability and durability assurances. Biometric fingerprint credentials are stored in the secure element that helps protect them against physical attacks. The result? A single, trusted hardware-backed root of trust delivering a seamless login experience across different devices, operating systems, and applications. With support for both biometric- and PIN-based login, the YubiKey Bio leverages the full range of multi-factor authentication (MFA) capabilities outlined in the FIDO2 and WebAuthn standard specifications.
Ignite attendees can see a live demo of passwordless sign-in to Microsoft Azure Active Directory accounts using the YubiKey Bio during Alex Simons’ keynote on Tuesday, November 5.
In keeping with Yubico’s design philosophy, the YubiKey Bio will not require any batteries, drivers, or associated software. The key seamlessly integrates with the native biometric enrollment and management features supported in the latest versions of Windows 10 and Azure Active Directory, making it quick and convenient for users to adopt a phishing-resistant passwordless login flow.
“As a result of close collaboration between our engineering teams, Yubico is bringing strong hardware-backed biometric authentication to market to provide a seamless experience for our customers,” said Joy Chik, Corporate VP of Identity, Microsoft. “This new innovation will help drive adoption of safer passwordless sign-in so everyone can be more secure and productive.”
Over the past few years, Yubico has worked with Microsoft to help drive the future of passwordless authentication through the creation of the FIDO2 and WebAuthn open authentication standards. During this time, we’ve built YubiKey integrations with the full suite of FIDO2-enabled Microsoft products including Windows 10 with Azure Active Directory and Microsoft Edge with Microsoft Accounts. Today, we continue on this journey together with Microsoft’s announcement to extend support for FIDO2 security keys, like the YubiKey, to hybrid Active Directory environments. Early next year, enterprise users will be able to authenticate to on-premises Active Directory integrated applications and resources, in addition to providing seamless Single Sign-On (SSO) to cloud- and SAML-based applications.
To take advantage of strong YubiKey authentication in Azure Active Directory environments, please refer here for more information. To stay tuned on product updates and general availability, please join our YubiKey Bio mailing list.
This blog has been updated with additional information as of November 5, 2019.