Go passwordless
Strong authentication that eliminates passwords and delivers a more secure and frictionless login experience.
Passwords are no longer the answer
Large scale data breaches and credential theft put user accounts at risk for account takeover.
3.3 Billion
stolen credentials reported in 2017
81%
of data breaches from weak/stolen passwords
123456
the most commonly used password along with the word password.
The hidden time and cost of passwords
The average user struggles to manage passwords for a dozen or more accounts.
21 hours
per person, each year, spent on password resets
20-50%
of helpdesk calls are for password resets
$70
the average estimated cost of a password reset
#1
support cost is password resets
What is passwordless authentication?
Passwordless authentication is any form of authentication that doesn’t require
the user to provide a password at login. There are many different implementations of passwordless authentication today. While traditional multi-factor authentication (MFA) approaches are highly phishable and vulnerable to remote account takeover attacks, modern MFA approaches, including passwordless MFA offer strong phishing resistance and are proven to stop account takeovers in its tracks.
Think there is only one way to do passwordless?
Think again.
There are many roads to phishing-resistant passwordless, and all roads lead to stronger security and a better user experience. Organizations can choose to implement smart card passwordless, FIDO2 passwordless using a biometric or a PIN, or a hybrid passwordless approach involving a mix of smart card and FIDO2 passwordless, depending on their existing infrastructure and user scenarios. And, the user can simply authenticate using a passwordless device, such as a hardware security key that can support both smart card and FIDO2 protocols to verify their credentials with the application or system.
Smart card passwordless
Smart cards are a step toward passwordless, and many companies already use them for secure access to sensitive resources and systems. Organizations that have a primarily on-premises infrastructure, or have a BYOD environment should consider implementing a smart card-based passwordless approach. This offers both the benefits of strong security and a passwordless user experience. Smart cards are eminently less phishable than a password-based system, and used effectively in some of the most security-conscious organizations in the world today.
FIDO2 passwordless
FIDO2 is the newest FIDO Alliance specification for authentication standards, and WebAuthn is a web-based API that allows websites to update their login pages to add FIDO-based authentication on supported browsers and platforms. This is an evolving security ecosystem that will make crossing the bridge to passwordless easier. Cloud-first organizations, or one that has a mix of cloud and on-premises infrastructure can pursue a FIDO2 passwordless strategy. Organizations with cloud-based applications like Office 365 or other SaaS applications, and using any of the existing Identity Providers can consider a FIDO2 passwordless approach.
Hybrid passwordless
Increasing organizations are opting to choose a combination of two different types of passwordless approaches to create a solution that solves their passwordless needs. As an example, customers are opting to go with FIDO2 passwordless for computer login and federated web apps, while choosing a smartcard passwordless approach for secure remote access (RDP, VPN, VDI). In this manner organizations can adopt a passwordless strategy to map to specific use cases, given their environments and user segments.
Looking for a FIPS validated solution for passwordless login into Microsoft Azure AD?
Learn about the YubiKey 5 FIPS Series the industry’s first FIPS 140-2 validated hardware security key lineup to support Smart card, FIDO2 and hybrid passwordless.
“Passwordless login represents a massive shift in how billions of users, both business and consumer, will securely log in to their Windows 10 devices and authenticate to Azure Active Directory-based applications and services.”
How does passwordless work?
Passwordless authentication is made possible by the new FIDO2 open authentication standard co-authored by Yubico and Microsoft, along with members of the FIDO Alliance.
Single factor (passwordless):
authenticator + touch/tap
Replaces weak passwords with a hardware authenticator for strong single factor authentication.
Multi-factor (passwordless):
authenticator + touch/tap + PIN
Multi-factor with combination of a hardware authenticator with user touch and a PIN, to solve high assurance requirements such as financial transactions, or submitting a prescription.
Learn more about modern MFA and going Passwordless
Is your organization ready to go passwordless? Here is a list of questions to check your readiness
Government of Nunavut turns to phishing-resistant YubiKeys and experiences a bridge to passwordless.
Read the Bridge to Passwordless Whitepaper Series
Delivering strong authentication and passwordless at scale
Thousands of companies and millions of end-users use YubiKey to simplify and secure logins to computers, internet services, and mobile apps. Our customers include 9 of the top 10 internet companies, 3 of the 5 leading financial and retail companies, and several of the largest governmental entities around the world.
Risk reduction, business growth, and efficiency enabled by YubiKeys
A recent Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Yubico found that a composite organization representative of interviewed customers who use YubiKeys reduced risk of successful phishing and credential theft attacks by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.
BUT…. all organizations are different. Enter your own company data to create a custom Dynamic TEI study and instantly see how Yubico’s solutions can help your organization!
YubiEnterprise Subscription: peace of mind and flexibility for less than a cup of coffee per user/month
YubiEnterprise Subscription simplifies purchase and support while also providing financial benefits. Estimate your potential savings as compared to one-time perpetual purchasing model
Get started
Find the right YubiKey
Contact our sales team for a personalized assessment of your company’s needs.
CISA’s second version of its Zero Trust Maturity Model gives MFA a big pushThe long-awaited second version of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model (ZTMM) is here after more than a year of public comments and agency responses. The latest model points federal agencies, and all organizations that work with them, toward a Zero Trust security architecture. The White House laid the groundwork […]
Read more
NIST SP 800-63-4: What the new phishing-resistant definition means for federal agenciesThe recent drafts from National Institute of Standards and Technology (NIST) around cybersecurity highlight important updates on where the government is moving on technology and the focus on increasing security against cyber threats. This is because NIST’s primary goal is to develop and disseminate the standards that allow technology to work seamlessly and businesses to […]
Read more
YubiEnterprise Subscription updates make it easier than ever for enterprises to stop account takeoversWhen we introduced YubiEnterprise Subscription several years ago, we were first to bring an ‘as-a-Service’ model to market that enabled organizations to better consume hardware multi-factor authentication (MFA), saving enterprise customers money and delivering additional value to entry, flexibility, faster rollouts and seamless distribution. Today, we’re excited to announce the latest updates to the YubiEnterprise […]
Read more
Phishing-resistant MFA on Azure AD with YubiKeys now generally availableFollowing last November’s announced public preview of Azure AD Certificate-based authentication (CBA) on iOS and Android devices using certificates on hardware security keys, we’re excited to share that it is now generally available for everyone! Be sure to check out Microsoft’s blog post detailing the general availability here for more information. As mentioned previously, CBA […]
Read more