Simplified authentication
Collège de Paris

The challenge: modernizing authentication and strengthening security

At the start of 2021, Collège de Paris had a goal: to modernize the authentication methods of senior management, privileged users and IT administrators. Their previous authentication setup was complicated and time-consuming. Passwords had to be complex, and changed every three months. Inevitably, this meant IT support were regularly required to regenerate passwords.

The company wanted employees to be able to log in quickly and without hassle. To make the most of their investment, they were looking for a single solution that would meet multiple business scenarios.

The solution: one key for three use cases

Collège de Paris required a solution for the following scenarios:

• Passwordless login
• Authentication on different online SaaS providers (CloudFlare, Microsoft M365, 1Password and any other application with the FIDO2 standard) to avoid the risks of SMS authentication
• Physical access to buildings, printers and the cafeteria, using the YubiKey as a single tool for both logical and physical access
  

Collège de Paris chose YubiKey because of how simply it could be added to existing infrastructures: Microsoft Azure, SaaS applications that support the FIDO2 web authentication protocol, and more. It was also important to avoid mobile authentication–not only is it less secure, but many users did not have a business mobile phone. Requiring authentication on a private phone would be complicated, and likely costly. A further requirement was that users should not be able to see and reuse the administrator’s password. To achieve this, YubiKeys were implemented with local PIN codes. As a European solution, meeting all security criteria and recommended by Microsoft for these use cases, the YubiKey was an obvious choice.

“The YubiKey provides a single authentication solution within all buildings – for using computers and printers as well as physical access to different areas.”

The results: increased security and consolidated access tools

Implementing passwordless authentication brought all the benefits the company had hoped for, and user adoption has been very good. Employees were relieved to no longer have to remember complex passwords, instead relying on a static device-level PIN. While simplifying the day-to-day user experience for staff, implementing phishing-resistant MFA has raised the organization’s protection against cyber attacks. Meanwhile, IT support is no longer required to regenerate passwords, which allows the team to relocate hours to other IT projects.

In addition to passwordless login, YubiKeys’ ability to natively strengthen secure access with FIDO2 for a number of SaaS applications means that Collège de Paris can capitalize on this acquisition and simplify the implementation of further services.

Having successfully simplified and strengthened the secure access to online services, the Collège de Paris wanted to go one step further. To avoid a buildup of access and authentication tools, the company decided to also replace access badges. A feasibility study confirmed this was possible, and the YubiKey was successfully implemented as a single access tool, for both physical and digital locations. Now, managers can spend more time on what matters to them–educational excellence.

Deploying YubiKeys gave Collège de Paris improved security and simplified authentication methods for key, privileged users. A long-term possibility is now to deploy YubiKeys throughout the organization, among students, faculty and contractors.