Strong authentication that eliminates passwords and delivers a more secure and frictionless login experience.
Passwords are no longer the answer
Large scale data breaches and credential theft put user accounts at risk for account takeover.
stolen credentials reported in 2017
of data breaches from weak/stolen passwords
the most commonly used password along with the word password.
The hidden time and cost of passwords
The average user struggles to manage passwords for a dozen or more accounts.
per person, each year, spent on password resets
of helpdesk calls are for password resets
the average estimated cost of a password reset
support cost is password resets
What is passwordless authentication?
Passwordless authentication is any form of authentication that doesn’t require
the user to provide a password at login. There are many different implementations of passwordless authentication today. While traditional multi-factor authentication (MFA) approaches are highly phishable and vulnerable to remote account takeover attacks, modern MFA approaches, including passwordless MFA offer strong phishing resistance and are proven to stop account takeovers in its tracks.
Enterprises that eliminate passwords report better business and security outcomes
New research finds organizations using passwordless technologies experience the fewest phishing attacks, are more productive and achieve greater levels of employee satisfaction.
Think there is only one way to do passwordless?
There are many roads to phishing-resistant passwordless, and all roads lead to stronger security and a better user experience. Organizations can choose to implement smart card passwordless, FIDO2 passwordless using a biometric or a PIN, or a hybrid passwordless approach involving a mix of smart card and FIDO2 passwordless, depending on their existing infrastructure and user scenarios. And, the user can simply authenticate using a passwordless device, such as a hardware security key that can support both smart card and FIDO2 protocols to verify their credentials with the application or system.
Smart card passwordless
Smart cards are a step toward passwordless, and many companies already use them for secure access to sensitive resources and systems. Organizations that have a primarily on-premises infrastructure, or have a BYOD environment should consider implementing a smart card-based passwordless approach. This offers both the benefits of strong security and a passwordless user experience. Smart cards are eminently less phishable than a password-based system, and used effectively in some of the most security-conscious organizations in the world today.
FIDO2 is the newest FIDO Alliance specification for authentication standards, and WebAuthn is a web-based API that allows websites to update their login pages to add FIDO-based authentication on supported browsers and platforms. This is an evolving security ecosystem that will make crossing the bridge to passwordless easier. Cloud-first organizations, or one that has a mix of cloud and on-premises infrastructure can pursue a FIDO2 passwordless strategy. Organizations with cloud-based applications like Office 365 or other SaaS applications, and using any of the existing Identity Providers can consider a FIDO2 passwordless approach.
Increasing organizations are opting to choose a combination of two different types of passwordless approaches to create a solution that solves their passwordless needs. As an example, customers are opting to go with FIDO2 passwordless for computer login and federated web apps, while choosing a smartcard passwordless approach for secure remote access (RDP, VPN, VDI). In this manner organizations can adopt a passwordless strategy to map to specific use cases, given their environments and user segments.
Looking for a FIPS validated solution for passwordless login into Microsoft Azure AD?
Learn about the YubiKey 5 FIPS Series the industry’s first FIPS 140-2 validated hardware security key lineup to support Smart card, FIDO2 and hybrid passwordless.
“Passwordless login represents a massive shift in how billions of users, both business and consumer, will securely log in to their Windows 10 devices and authenticate to Azure Active Directory-based applications and services.”
How does passwordless work?
Passwordless authentication is made possible by the new FIDO2 open authentication standard co-authored by Yubico and Microsoft, along with members of the FIDO Alliance.
Single factor (passwordless):
authenticator + touch/tap
Replaces weak passwords with a hardware authenticator for strong single factor authentication.
authenticator + touch/tap + PIN
Multi-factor with combination of a hardware authenticator with user touch and a PIN, to solve high assurance requirements such as financial transactions, or submitting a prescription.
Learn more about modern MFA and going Passwordless
Is your organization ready to go passwordless? Here is a list of questions to check your readiness
Read the Bridge to Passwordless Whitepaper Series
Delivering strong authentication and passwordless at scale
Thousands of companies and millions of end-users use YubiKey to simplify and secure logins to computers, internet services, and mobile apps. Our customers include 9 of the top 10 internet companies, 3 of the 5 leading financial and retail companies, and several of the largest governmental entities around the world.
YubiKey protects the world’s leading brands
Risk reduction, business growth, and efficiency enabled by YubiKeys
A recent Forrester Consulting Total Economic Impact™ (TEI) study commissioned by Yubico found that a composite organization representative of interviewed customers who use YubiKeys reduced risk of successful phishing and credential theft attacks by 99.9%, saw a drop in password-related helpdesk tickets by 75%, and experienced a 203% 3-year ROI with YubiKeys.
BUT…. all organizations are different. Enter your own company data to create a custom Dynamic TEI study and instantly see how Yubico’s solutions can help your organization!
YubiEnterprise Subscription: peace of mind and flexibility for less than a cup of coffee per user/month
YubiEnterprise Subscription simplifies purchase and support while also providing financial benefits. Estimate your potential savings as compared to one-time perpetual purchasing model
- QR code phishing attacks (Quishing): What to know and how to stay secure
If you immediately think of email when you think of phishing, you’re not alone. However, a new form of a text-based scam is making waves – highlighted by a seemingly legitimate text from the USPS which lets receivers know that their “package” arrived at the warehouse. To receive the package, it instructs users to click […]
- best practices
- QR Code Phishing
- Microsoft updates: Entra ID FIDO2 security key support and Azure Virtual Desktop passwordless sign-in
With the use of phishing-resistant multi-factor authentication (MFA) like passkeys growing more every day, it’s exciting to see the widely popular service, Microsoft 365, announce availability recently for passkeys on YubiKeys with mobile devices. This new Microsoft preview not only opens up support on iOS and iPadOS for Microsoft 365, but for a whole range […]
- Azure Virtual Desktop
- Entra ID
- Microsoft 365
- YubiEnterprise Services update: Expansion of YubiEnterprise Delivery to secure users worldwide, and Single Sign-On (SSO) capabilities for customers using Duo/Cisco
This year, Yubico is continuing to focus on delivering phishing-resistant multi-factor authentication (MFA) to enterprises monthly at value and on a great scale through its YubiEnterprise Subscription offering. Today we’re excited to announce these latest updates, including: With these enhancements, YubiEnterprise Subscription continues to make it easy and flexible for enterprises to adopt phishing-resistant MFA […]
- YubiEnterprise Console
- YubiEnterprise Services
- YubiEnterprise Subscription
- Remaining robust and resilient: A CISOs top recommendations for 2024
As expected, 2023 was another challenging year for information security as organizations continued looking for ways to stay ahead of hackers. We saw an increasing amount and complexity of phishing attacks overall, driven by a major trend throughout the year making a significant impact: AI-driven phishing. Phishing remains the most prevalent attack method due to […]
- best practices