
Louis adopts YubiKeys for fast and secure passwordless authentication at Point of Sale
YubiKeys provide phishing-resistant MFA for Europe’s number one motorcycle clothing & equipment retailer

Detlev Louis Motorrad-Vertriebsgesellschaft mbH (Louis) is Europe’s leading retailer for motorcycle clothing, equipment and accessories, with over 500 different brands and more than 55,000 products. Run by and for motorcycle enthusiasts, Louis operates 88 retail stores in Germany, Austria, the Netherlands and Switzerland, and an online shop with presence across Europe.
Increased cyber risk in retail prompts shift to passwordless
Across the globe, retail companies are bombarded by cyber attacks targeting personal and payment card information—and Louis is no exception.
“We face ransomware, malware, social engineering and identity theft,” says Sascha Neuhaus, Information Security Officer for Louis. “The number one threat is phishing. New technology, such as AI, is helping threat actors create automated attacks that are much more difficult to differentiate from normal emails—and faster than ever before.”
For Neuhaus, security is a fundamental way that Louis creates trust with its customers. “It’s all about a safe shopping experience. Nobody wants to go shopping and then find out that their payments haven’t been processed properly, or that their personal data has been compromised,” he explains. Neuhaus is well aware that just one attack can be enough to compromise the whole retail environment, and result in a potentially devastating data breach. However, stronger security controls should deliver peace of mind, not hamper the user experience and efficiency.
“We want to go passwordless. The way we are getting there is with Yubico.”
With the scale and sophistication of phishing attacks rising, Neuhaus decided that Louis needed to take their authentication security to the next level. Despite some multi-factor authentication (MFA) in place, retail workers had still been required to enter their passwords when logging in. This left Louis vulnerable to phishing attacks, but also created a workflow challenge. Users were consistently forgetting their mandatory long, complex passwords. To reset a password, employees would have to verify their identity by phone, which wasn’t always successful.
“A major driver for us was to save time and free employees from passwords,” says Neuhaus.
The first priority was the retail environment, where the time taken to authenticate has a direct impact on the customer. For fast and secure authentication, Louis needed to get rid of passwords altogether, and so partnered with workplace security and identity experts TAP.DE to identify the right passwordless solution.
“In a retail store, for the employee or frontline worker who needs access to the cashier system, speed is very important. No customer wants to wait. Authentication needs to be very fast.”
Securing the POS with Microsoft, SAP and Yubico
Louis is currently undergoing a digital transformation. “We are working to be state of the art in our technologies, and for this we need security in place. Security does not dictate how technology needs to work. It should be the other way around,” says Neuhaus. It was critical that the chosen passwordless solution be truly scalable, and work with Microsoft 365 as well as SAP Customer Checkout, the intelligent POS (Point-of-Sale) software soon being implemented in all Louis stores.
“The goal was to enhance security at the point of sale while simultaneously optimizing the user experience of the cashier,” says Michael Krause, CEO of TAP.DE. “Together with Louis, we prioritized security, ease of use, and cost—both the purchasing cost and the managing effort.”
While TAP.DE presented various potential passwordless solutions, it was clear that some approaches would introduce complex challenges. Mobile authentication is susceptible to attacker-in-the-middle threats, and requires that users either be provided with a business phone or be mandated to use their private phone. While fingerprint scanners were considered, Louis was concerned it would introduce compliance considerations related to biometric data under the General Data Protection Regulation (GDPR). Additionally, any solution would require near-field communication (NFC) capability, to increase authentication speed.
After consultation it was decided to implement the Security Key NFC by Yubico, a hardware security key offering highest assurance phishing-resistant MFA, combined with HID readers. The YubiKey stores the highest assurance device-bound passkeys (FIDO2 credentials) and offers ease of use at scale. With the workstation device housed securely under the front desk of all Louis stores, users simply tap their YubiKey on the HID reader for seamless authentication to Microsoft 365 and SAP systems.
“We were able to prove that the Security Key NFC by Yubico in combination with HID readers is the best possible solution for Louis. With YubiKeys, Louis will achieve a stronger security level with seamless user authentication, reducing the risk of breaches and enhancing productivity.”
Streamlining the POS experience
Having entirely eliminated passwords from the POS experience, Louis has made authentication even simpler by providing all retail employees with a retractable lanyard to store their YubiKey. The employee simply pulls the YubiKey up to the HID reader and enters a PIN to authenticate. Unlike passwords, a PIN is not shared across networks but instead is tied to a specific device, and so is not susceptible to phishing.
“The PIN is short and easy to remember, like for a credit card,” says Neuhaus. “Even if the PIN were somehow leaked, it has no value because it’s tied to a specific YubiKey.” While compliance was not a primary driver in Louis’ decision-making process, the YubiKey helps Louis meet the requirements of PCI DSS v4.0.1 for secure manager access to the POS.1 Louis’ decision was also influenced by the fact that Yubico is a European company, with the YubiKeys manufactured in Sweden.
“Our major driver was to reduce the time to authenticate,” says Neuhaus. “The first feedback we’ve had from our employees about using the YubiKeys has been fantastic. Employees are very fast in accessing the applications they need, so it’s a win-win situation for them, security and for customers, who benefit from faster service.” In time, Neuhaus intends to streamline authentication using the YubiKey with single sign-on (SSO) so that employees can seamlessly transition between the Louis website and the cashier system to support customer interactions.
In the event that an employee forgets their YubiKey, each store has a stock of reserve keys which they can easily reassign. If a YubiKey is lost, it can be revoked. Louis employees are encouraged to use their YubiKey for their personal accounts to help support adoption. Using the YubiKey “not only makes an employee’s business life easier and more secure, but also extends these benefits to their personal life,” explains Krause.
“It’s a great feeling actually to know that YubiKeys are making us more secure in our business and seeing how employees take that up and say it helps them to do their work faster.”
Extending passwordless across the enterprise with passkeys
After the positive experience with phishing-resistant, passwordless login for the retail environment, Neuhaus envisions many more opportunities to extend high assurance authentication across the enterprise. YubiKeys are being used to protect software developers’ access to Louis eCommerce systems, as well as enterprise users who do not wish to use their personal mobile device for authentication at work. “For software development, it was a perfect fit,” says Neuhaus. “We get a lot of phishing attempts, up to 100 per day. The YubiKey has provided critical protection from security breaches.”
“The YubiKey is small, sturdy, it doesn’t break and it’s easy to use. You can put it in your pocket, you can put it on your waistband. We said to ourselves: that’s the way forward, that’s where we have to go.”
While legacy mobile authentication is standard across the organization, there is a recognition among Neuhaus and his colleagues that MFA fatigue is growing. And with Yubico’s security key lineups offering the most secure passkeys in the market, Louis is looking to further modernize security. “We see requests come in and people don’t keep in mind if they have requested access,” says Neuhaus, “They just push the button on an authenticator, but in the end it may have been an attacker.” Extending YubiKey coverage would eliminate the risk of MFA fatigue, as FIDO2 (passkey) authentication is only possible with the genuine online service or website for which a given credential has been registered. “With a phishing-resistant way of authenticating, there is no problem,” says Neuhaus. “You have the YubiKey with you and you authenticate against the system.”
In the longer term, Neuhaus hopes that phishing-resistant passwordless authentication will also be available on the Louis online store, protecting the digital identities of its online customers. “The key is to keep the community happy and create the best motorbike experience,” he says. “We want to secure our customers in every aspect. We believe when you come to our online store, we should also support you by allowing you to use passkeys.”
“We have a solution that is practical for us and, above all, sustainable. We know that we can use them for years to come. That’s why it was so important for us to make the strategic decision to use YubiKeys. It was a huge step forward.”