Ten years ago, at the 2008 RSA Conference, Yubico launched the first YubiKey with the goal of making secure login easy and accessible for everyone. The vision was one single security key to work across any number of services, with great user experience, security, and privacy.
On this anniversary, Yubico has taken another major leap forward toward this vision with the announcement that the recently-launched Security Key by Yubico, with FIDO2, will be supported in Windows 10 devices and Microsoft Azure Active Directory (Azure AD). The feature is currently in limited preview for Microsoft Technology Adoption Program (TAP) customers.
FIDO2 is the passwordless evolution of the FIDO Universal 2nd Factor (U2F) standard, created by Yubico and Google. While U2F included a username and password, FIDO2 supports more use cases, including passwordless authentication. Yubico has worked in close collaboration with Microsoft on developing the FIDO2 technical specifications, and the Security Key by Yubico is the first FIDO2 authentication device on the market.
What Does This Mean?
Organizations will soon have the option to enable employees and customers to sign in to an Azure AD joined device with no password, by simply using a Security Key to get single sign-on to all Azure AD based applications and services. This is just the beginning; Google and Mozilla also announced Chrome and Firefox support for the Web Authentication API (WebAuthn) developed by Yubico and members of the World Wide Web Consortium (W3C) and included in the FIDO2 specification.
Why Is This Important?
Nearly every digital experience today requires passwords, an increasingly frustrating fact of life for businesses and users. For any one person there can be hundreds of sites and devices — both personal and business related — that require memorized passwords. This leads to poor password hygiene: shared and reused passwords. And it is a real cost for businesses managing, storing and resetting passwords for employees and end-users.
Working in conjunction with Windows and Microsoft cloud services, the new Security Key by Yubico offers a secure, seamless and passwordless login experience with one of the world’s largest computer operating systems. Use cases include retail, healthcare, transportation, finance, manufacturing, and more.
How Does It Work?
FIDO2 is built on the same security and privacy features of FIDO U2F: strong public key cryptography, no drivers or client software and one key for unlimited account access with no shared secrets. With FIDO U2F, the user entered a username and password, inserted a security key in the USB-port, and touched the gold area. FIDO2 adds more options to the login process:
- Single Factor: This only requires possession of the Security Key to log in, allowing for a passwordless tap-and-go experience.
- Second-Factor: In a two-factor authentication scenario, such as the current Google and Facebook FIDO U2F implementations, the Security Key by Yubico is used as a strong second factor along with a username and password.
- Multi-Factor: This allows the use of the Security Key by Yubico with an additional factor such as a PIN (instead of a password), to meet the high-assurance requirements of operations like financial transactions, or submitting a prescription.
Who Can Get Involved?
Everyone is encouraged to get involved, and accelerate progress to a secure and passwordless world. As with any open standard, advancement will be a collective industry effort and a process of global adoption. Yubico helped the majority of services in making support for FIDO U2F by providing open source code and support. Together with W3C and FIDO Alliance we have made the FIDO2 open authentication standard available, and we are helping support its rapid integration into services and applications through our new Yubico Developer Program.
Enterprises → Learn about using FIDO2 with Windows 10 devices and Microsoft Azure Active Directory in your enterprise environment. Explore the benefits of FIDO2.
Developers → Implement early support for FIDO2 by signing up for updates from Yubico’s Developer Program. Members will have first access to resources to implement FIDO2 within their applications and services.
Individuals → Are you tired of passwords? If you had a choice to securely and easily login to any device or online service without them, would you? Ask for it! Visit your favorite service or businesses on Twitter and tell them you want to securely login to your account without a password by using FIDO2 and the Security Key by @Yubico!