Strong authentication that eliminates passwords and delivers a more secure and frictionless login experience.
Passwords are no longer the answer
Large scale data breaches and credential theft put user accounts at risk for account takeover.
stolen credentials reported in 2017
of data breaches from weak/stolen passwords
the most commonly used password along with the word password.
The hidden time and cost of passwords
The average user struggles to manage passwords for a dozen or more accounts.
per person, each year, spent on password resets
of helpdesk calls are for password resets
the average estimated cost of a password reset
support cost is password resets
What is passwordless authentication?
Passwordless authentication is any form of authentication that doesn’t require
the user to provide a password at login. There are many different implementations of passwordless authentication today. While traditional multi-factor authentication (MFA) approaches are highly phishable and vulnerable to remote account takeover attacks, modern MFA approaches, including passwordless MFA offer strong phishing resistance and are proven to stop account takeovers in its tracks.
Think there is only one way to do passwordless?
There are many roads to phishing-resistant passwordless, and all roads lead to stronger security and a better user experience. Organizations can choose to implement smart card passwordless, FIDO2 passwordless using a biometric or a PIN, or a hybrid passwordless approach involving a mix of smart card and FIDO2 passwordless, depending on their existing infrastructure and user scenarios. And, the user can simply authenticate using a passwordless device, such as a hardware security key that can support both smart card and FIDO2 protocols to verify their credentials with the application or system.
Smart card passwordless
Smart cards are a step toward passwordless, and many companies already use them for secure access to sensitive resources and systems. Organizations that have a primarily on-premises infrastructure, or have a BYOD environment should consider implementing a smart card-based passwordless approach. This offers both the benefits of strong security and a passwordless user experience. Smart cards are eminently less phishable than a password-based system, and used effectively in some of the most security-conscious organizations in the world today.
FIDO2 is the newest FIDO Alliance specification for authentication standards, and WebAuthn is a web-based API that allows websites to update their login pages to add FIDO-based authentication on supported browsers and platforms. This is an evolving security ecosystem that will make crossing the bridge to passwordless easier. Cloud-first organizations, or one that has a mix of cloud and on-premises infrastructure can pursue a FIDO2 passwordless strategy. Organizations with cloud-based applications like Office 365 or other SaaS applications, and using any of the existing Identity Providers can consider a FIDO2 passwordless approach.
Increasing organizations are opting to choose a combination of two different types of passwordless approaches to create a solution that solves their passwordless needs. As an example, customers are opting to go with FIDO2 passwordless for computer login and federated web apps, while choosing a smartcard passwordless approach for secure remote access (RDP, VPN, VDI). In this manner organizations can adopt a passwordless strategy to map to specific use cases, given their environments and user segments.
Looking for a FIPS validated solution for passwordless login into Microsoft Azure AD?
Learn about the YubiKey 5 FIPS Series the industry’s first FIPS 140-2 validated hardware security key lineup to support Smart card, FIDO2 and hybrid passwordless.
“Passwordless login represents a massive shift in how billions of users, both business and consumer, will securely log in to their Windows 10 devices and authenticate to Azure Active Directory-based applications and services.”
How does passwordless work?
Passwordless authentication is made possible by the new FIDO2 open authentication standard co-authored by Yubico and Microsoft, along with members of the FIDO Alliance.
Single factor (passwordless):
authenticator + touch/tap
Replaces weak passwords with a hardware authenticator for strong single factor authentication.
authenticator + touch/tap + PIN
Multi-factor with combination of a hardware authenticator with user touch and a PIN, to solve high assurance requirements such as financial transactions, or submitting a prescription.
Learn more about modern MFA and going Passwordless
Is your organization ready to go passwordless? Here is a list of questions to check your readiness
Read the Bridge to Passwordless Whitepaper Series
Delivering strong authentication and passwordless at scale
Thousands of companies and millions of end-users use YubiKey to simplify and secure logins to computers, internet services, and mobile apps. Our customers include 9 of the top 10 internet companies, 3 of the 5 leading financial and retail companies, and several of the largest governmental entities around the world.
YubiKey protects the world’s leading brands
Risk reduction, business growth, and efficiency enabled by YubiKeys
A recent Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Yubico found that a composite organization representative of interviewed customers who use YubiKeys reduced risk of successful phishing and credential theft attacks by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.
BUT…. all organizations are different. Enter your own company data to create a custom Dynamic TEI study and instantly see how Yubico’s solutions can help your organization!
YubiEnterprise Subscription: peace of mind and flexibility for less than a cup of coffee per user/month
YubiEnterprise Subscription simplifies purchase and support while also providing financial benefits. Estimate your potential savings as compared to one-time perpetual purchasing model
- Q&A with CEO Mattias Danielsson: Yubico’s next stage of growth as a public company and what investors can expect
Today marks an exciting, historic day in Yubico’s history: the company is now publicly traded under the ticker symbol YUBICO on Nasdaq First Growth North Market in Stockholm. As the cyber threat landscape continues to evolve rapidly through increasingly sophisticated attacks like phishing, the need for phishing-resistant MFA with the YubiKey are at an all-time […]
- thought leadership
- Five foundational cybersecurity controls to mitigate 90% of breaches
During my 16 years in the cybersecurity industry, and after discussions with numerous CISOs and cyber security experts, they all agree that there are five easy steps all organizations can take to mitigate over 90% of all cyber breaches1. Just like cars were not initially designed for safety, the internet was not designed for security. […]
- best practice guide
- Okta + Yubico: Better together
Modern cybersecurity needs to be phishing-resistant, but it also needs to incorporate a great user experience for employees, IT teams and customers. We know traditional authentication methods are perceived as user-friendly, but they are not secure and vulnerable to most attacks – in fact, 59% of people still rely on username and password to authenticate […]
- Partner Program
- Works with YubiKey Spotlight: How Yubico works with industry leaders who share the commitment to strong authentication
As the cyber threat landscape continues to evolve rapidly in the form of more sophisticated attacks like phishing and ransomware, the need for industry collaborations and partnerships are more critical than ever to help businesses and consumers stay secure online. We first launched the Works with YubiKey (WWYK) program in 2018 with this in mind […]
- Works with YubiKey