With 1 YubiKey, access to hundreds of personal and business applications can be secured. Most computers, websites and servers integrate out-of-the-box with the YubiKey allowing the security key to be associated directly with the application:
Passwordless authentication for Microsoft Azure Active Directory (FIDO2).
Secure access to Windows 10 and Office365, among others, with the YubiKey. Using the YubiKey to log into Azure AD accounts eliminates the need for a username and password. This modern form of authentication is more secure and user-friendly than traditional forms of (2-factor) authentication.
Certificate-based authentication (Smartcard)
To secure access to Windows (AD), RDP, VPN, and various telecommuting facilities, among others, you can use the YubiKey as a smartcard. The YubiKey can thus be used to authenticate via USB or NFC with a certificate. Through AD Group Policies, you can also arrange for a user to be automatically logged out when the YubiKey is removed from the USB port.
Extremely secure 2-factor authentication (FIDO2 / U2F)
Many software manufacturers have made an integration with the YubiKey based on FIDO. FIDO stands for Fast IDentity Online and is an open-source cryptography-based authentication protocol. For each application, the YubiKey generates a unique public-private keypair and with each FIDO authentication attempt, the YubiKey verifies the origin of the authentication request, to protect against phishing / man-in-the-middle attacks.
FIDO is supported by various MFA, IAM and PAM solutions, among others. Examples include Entrust, Okta, Duo, NetIQ, SurfSecureID and Ping. Various cloud applications (Google, Salesforce, Dropbox) and password managers (Lastpass, Dashlane, 1Password) can also be secured with a YubiKey.
Alternative to-or combination with-software tokens.
Some companies want to give their employees the choice between software or hardware 2-factor authentication. For example, it may be convenient to allow an employee to log in with a YubiKey when that person is not allowed, cannot or does not want to use a cell phone for 2-factor authentication.
Yubico Webinars
