Having all three factors of authentication on a Yubikey makes it a supremely secure MFA tool. It also doesn’t add any burden to the end user like a password does, preserving the user experience. A digital certificate is like a photo ID: it’s tied to the identity of the user or device and can’t be transferred. Since a Yubikey uses both a PIN and the physical authentication token, it has two factors of authentication, making it 2FA in and of itself.
Adding digital certificates to a Yubikey with our software adds the third and final factor of authentication – “something you are”. Passwords and PINs are another form of authentication – “something you know”. PIV-backed security keys like the Yubikey are an excellent tool for hardening your security because they offer an additional factor of authentication – “something you have”.
Advantages of using Certificates on Yubikeys
So, yes, it’s still possible to use Yubikeys to access Windows Hello (and Windows Hello for Business) with our solution – and our implementation comes with some significant upgrades. And, in our capacity as an official Yubico Partner, SecureW2 has developed a solution for enrolling Yubikey 5 series keys for digital certificates. However, Windows Hello does still support FIDO2. Because Microsoft deprecated their Companion Device Framework for Windows Hello, the integration no longer worked. The first is that only the Yubikey 4 series keys are compatible, not the vastly superior series 5.
But that’s a moot point because of the second, much bigger, issue: Yubikey removed their Windows Hello solution from the Microsoft Store in September of 2019. Unfortunately, there are two big problems with the current state of the Yubikey-Windows Hello solution. It’s particularly useful in situations where devices don’t have an inbuilt biometric scanner, as is the case in most managed device deployments.
One of the most useful features of Windows Hello is the ability to use FIDO2 security keys, such as the Yubikey, in addition to (or as a replacement for) the primary device’s biometric hardware. Windows Hello is one of the easiest ways to add biometric security to your authentication protocols, and if you’re already using other common components of the Microsoft ecosystem for authentication (AD or Azure AD), integration is a cinch.