Go passwordless

Strong authentication that eliminates passwords and delivers a more secure and frictionless login experience.

Passwords are no longer the answer

Large scale data breaches and credential theft put user accounts at risk for account takeover.

3.3 Billion

stolen credentials reported in 2017

81%

of data breaches from weak/stolen passwords

123456

the most commonly used password along with the word password.

The hidden time and cost of passwords

The average user struggles to manage passwords for a dozen or more accounts.

21 hours

per person, each year, spent on password resets

20-50%

of helpdesk calls are for password resets

$70

the average estimated cost of a password reset

#1

support cost is password resets

What is passwordless authentication?

Passwordless authentication is any form of authentication that doesn’t require
the user to provide a password at login. There are many different implementations of passwordless authentication today. While traditional multi-factor authentication (MFA) approaches are highly phishable and vulnerable to remote account takeover attacks, modern MFA approaches, including passwordless MFA offer strong phishing resistance and are proven to stop account takeovers in its tracks.

Think there is only one way to do passwordless?
Think again.

There are many roads to phishing-resistant passwordless, and all roads lead to stronger security and a better user experience. Organizations can choose to implement smart card passwordless, FIDO2 passwordless using a biometric or a PIN, or a hybrid passwordless approach involving a mix of smart card and FIDO2 passwordless, depending on their existing infrastructure and user scenarios. And, the user can simply authenticate using a passwordless device, such as a hardware security key that can support both smart card and FIDO2 protocols to verify their credentials with the application or system.

Smart card passwordless

Smart cards are a step toward passwordless, and many companies already use them for secure access to sensitive resources and systems. Organizations that have a primarily on-premises infrastructure, or have a BYOD environment should consider implementing a smart card-based passwordless approach. This offers both the benefits of strong security and a passwordless user experience. Smart cards are eminently less phishable than a password-based system, and used effectively in some of the most security-conscious organizations in the world today. 

FIDO2 passwordless 

FIDO2 is the newest FIDO Alliance specification for authentication standards, and WebAuthn is a web-based API that allows websites to update their login pages to add FIDO-based authentication on supported browsers and platforms. This is an evolving security ecosystem that will make crossing the bridge to passwordless easier. Cloud-first organizations, or one that has a mix of cloud and on-premises infrastructure can pursue a FIDO2 passwordless strategy. Organizations with cloud-based applications like Office 365 or other SaaS applications, and using any of the existing Identity Providers can consider a FIDO2 passwordless approach.

Hybrid passwordless

Increasing organizations are opting to choose a combination of two different types of passwordless approaches to create a solution that solves their passwordless needs. As an example, customers are opting to go with FIDO2 passwordless for computer login and federated web apps, while choosing a smartcard passwordless approach for secure remote access (RDP, VPN, VDI). In this manner organizations can adopt a passwordless strategy to map to specific use cases, given their environments and user segments. 

Looking for a FIPS validated solution for passwordless login into Microsoft Azure AD?
Learn about the YubiKey 5 FIPS Series the industry’s first FIPS 140-2 validated hardware security key lineup to support Smart card, FIDO2 and hybrid passwordless.
Learn more here
“Passwordless login represents a massive shift in how billions of users, both business and consumer, will securely log in to their Windows 10 devices and authenticate to Azure Active Directory-based applications and services.”
Microsoft logo
Alex SimonsCorporate Vice President PM, Microsoft Identity Division

How does passwordless work?

Passwordless authentication is made possible by the new FIDO2 open authentication standard co-authored by Yubico and Microsoft, along with members of the FIDO Alliance.

Single factor (passwordless):
authenticator + touch/tap

Replaces weak passwords with a hardware authenticator for strong single factor authentication.

Multi-factor (passwordless):
authenticator + touch/tap + PIN

Multi-factor with combination of a hardware authenticator with user touch and a PIN, to solve high assurance requirements such as financial transactions, or submitting a prescription.

Learn more about modern MFA and going Passwordless

Is your organization ready to go passwordless? Here is a list of questions to check your readiness 
Read the blog >
person logging into laptop using YubiKey and Microsoft Azure AD
Go Passwordless with YubiKey and Microsoft Azure Active Directory
Read the blog >
Government of Nunavut turns to phishing-resistant YubiKeys and experiences a bridge to passwordless.
Read the case study >

Read the Bridge to Passwordless Whitepaper Series

Separating fact from fiction in your journey
Read the white paper
Key considerations when building a secure passwordless strategy
Read the white paper >
Seven steps to execute a smooth passwordless implementation
Read the white paper >

Delivering strong authentication and passwordless at scale

Thousands of companies and millions of end-users use YubiKey to simplify and secure logins to computers, internet services, and mobile apps. Our customers include 9 of the top 10 internet companies, 3 of the 5 leading financial and retail companies, and several of the largest governmental entities around the world.

Get world class authentication security

for less than a cup of coffee per user/month

Get YubiEnterprise Subscription

YubiKey protects the world’s leading brands

See more customers

Get started

Find the right YubiKey

Contact our sales team for a personalized assessment of your company’s needs.

Contact sales
Get protected today

Browse our online store today and buy the right YubiKey for you.

Buy now

Recommended content

Thumbnail
authenticationGitHubpasswordless

GitHub no longer accepts passwords for Git authentication, secure your accounts with YubiKey

GitHub has been a longstanding supporter of strong security for its customers and developer communities. From its most recent support for using U2F and FIDO2 security keys for SSH, to its 2019 announcement of Web Authentication (WebAuthn) support for security keys and 2015 Universal Second Factor (U2F) support, the company has continued to give its

Read More
Thumbnail
FIDO2passwordlessWebAuthnYubiKey

Top five pitfalls companies should avoid when rolling out a passwordless strategy

Given the number of breaches in the news today where passwords were at the root of the problem, many companies are now exploring the benefits of a secure passwordless future. Secure passwordless logins not only bring cost efficiencies and a more frictionless user login experience into the organization, but deliver the security that is necessary

Read More
Thumbnail
passwordless

Your Bridge to Passwordless: Seven Steps to Execute a Smooth Passwordless Implementation

Learn about the key considerations to take into account when determining your path to passwordless

Read More
Thumbnail
governmentMFApasswordlessstate and local government

State of Alert: Multi-factor authentication and the future of data

Read this report to learn why multi-factor authentication is critical for state and local government agencies, the consequences of not strengthening authentication, and how to bridge to a passwordless future

Read More